Merge "fortify: use __builtin_constant_p for more short-circuits" am: 30d4c6fb06 am: 576271755b

am: 4e652b3b34

Change-Id: Iae9080f81dbb02255ddd6cdf535ed724958a4191

4 files changed, 32 insertions, 25 deletions

diff --git a/libc/include/bits/fortify/poll.h b/libc/include/bits/fortify/poll.h
index 0d9b92793..660dfca01 100644
--- a/libc/include/bits/fortify/poll.h
+++ b/libc/include/bits/fortify/poll.h
@@ -37,6 +37,10 @@ int __ppoll64_chk(struct pollfd*, nfds_t, const struct timespec*, const sigset64
 #if defined(__BIONIC_FORTIFY)
 #if __ANDROID_API__ >= __ANDROID_API_M__
 
+#define __bos_fd_count_trivially_safe(bos_val, fds, fd_count)              \
+  __bos_dynamic_check_impl_and((bos_val), >=, (sizeof(*fds) * (fd_count)), \
+                               (fd_count) <= __BIONIC_CAST(static_cast, nfds_t, -1) / sizeof(*fds))
+
 __BIONIC_FORTIFY_INLINE
 int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeout)
     __overloadable
@@ -44,7 +48,7 @@ int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeo
                      "in call to 'poll', fd_count is larger than the given buffer") {
   size_t bos_fds = __bos(fds);
 
-  if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+  if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
     return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
   }
   return __poll_chk(fds, fd_count, timeout, bos_fds);
@@ -57,7 +61,7 @@ int ppoll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const st
                      "in call to 'ppoll', fd_count is larger than the given buffer") {
   size_t bos_fds = __bos(fds);
 
-  if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+  if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
     return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
   }
   return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
@@ -71,12 +75,14 @@ int ppoll64(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const
                      "in call to 'ppoll64', fd_count is larger than the given buffer") {
   size_t bos_fds = __bos(fds);
 
-  if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+  if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
     return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask);
   }
   return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds);
 }
 #endif
 
+#undef __bos_fd_count_trivially_safe
+
 #endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
 #endif /* defined(__BIONIC_FORTIFY) */
diff --git a/libc/include/bits/fortify/stdio.h b/libc/include/bits/fortify/stdio.h
index fc7d35978..6e47dafee 100644
--- a/libc/include/bits/fortify/stdio.h
+++ b/libc/include/bits/fortify/stdio.h
@@ -89,6 +89,10 @@ int sprintf(char* const __pass_object_size dest, const char* format, ...) __over
 #endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
 
 #if __ANDROID_API__ >= __ANDROID_API_N__
+#define __bos_trivially_not_lt_mul(bos_val, size, count) \
+  __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
+                               !__unsafe_check_mul_overflow(size, count))
+
 __BIONIC_FORTIFY_INLINE
 size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
         __overloadable
@@ -98,7 +102,7 @@ size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FIL
                          "in call to 'fread', size * count is too large for the given buffer") {
     size_t bos = __bos0(buf);
 
-    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    if (__bos_trivially_not_lt_mul(bos, size, count)) {
         return __call_bypassing_fortify(fread)(buf, size, count, stream);
     }
     return __fread_chk(buf, size, count, stream, bos);
@@ -113,12 +117,13 @@ size_t fwrite(const void* const __pass_object_size0 buf, size_t size, size_t cou
                          "in call to 'fwrite', size * count is too large for the given buffer") {
     size_t bos = __bos0(buf);
 
-    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    if (__bos_trivially_not_lt_mul(bos, size, count)) {
         return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
     }
 
     return __fwrite_chk(buf, size, count, stream, bos);
 }
+#undef __bos_trivially_not_lt_mul
 #endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
 
 #if __ANDROID_API__ >= __ANDROID_API_J_MR1__
@@ -130,7 +135,7 @@ char* fgets(char* const __pass_object_size dest, int size, FILE* stream)
                          "in call to 'fgets', size is larger than the destination buffer") {
     size_t bos = __bos(dest);
 
-    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    if (__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
         return __call_bypassing_fortify(fgets)(dest, size, stream);
     }
 
diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h
index 426076ea1..af93b9117 100644
--- a/libc/include/bits/fortify/string.h
+++ b/libc/include/bits/fortify/string.h
@@ -123,7 +123,7 @@ __BIONIC_FORTIFY_INLINE
 void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
     size_t bos = __bos(s);
 
-    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    if (__bos_trivially_geq(bos, n)) {
         return __builtin_memchr(s, c, n);
     }
 
@@ -134,7 +134,7 @@ __BIONIC_FORTIFY_INLINE
 void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n) __overloadable {
     size_t bos = __bos(s);
 
-    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    if (__bos_trivially_geq(bos, n)) {
         return __memrchr_real(s, c, n);
     }
 
@@ -195,24 +195,11 @@ size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size)
     return __strlcat_chk(dst, src, size, bos);
 }
 
-/*
- * If we can evaluate the size of s at compile-time, just call __builtin_strlen
- * on it directly. This makes it way easier for compilers to fold things like
- * strlen("Foo") into a constant, as users would expect. -1ULL is chosen simply
- * because it's large.
- */
-__BIONIC_FORTIFY_INLINE
-size_t strlen(const char* const s __pass_object_size)
-        __overloadable __enable_if(__builtin_strlen(s) != -1ULL,
-                                   "enabled if s is a known good string.") {
-    return __builtin_strlen(s);
-}
-
 __BIONIC_FORTIFY_INLINE
 size_t strlen(const char* const s __pass_object_size0) __overloadable {
     size_t bos = __bos0(s);
 
-    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    if (__bos_trivially_gt(bos, __builtin_strlen(s))) {
         return __builtin_strlen(s);
     }
 
diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index b4ae39394..42bf451a1 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -297,12 +297,21 @@
   ((bos_val) != __BIONIC_FORTIFY_UNKNOWN_SIZE && (bos_val) <= (val))
 
 /* Intended for use in evaluated contexts. */
+#define __bos_dynamic_check_impl_and(bos_val, op, index, cond) \
+  (bos_val == __BIONIC_FORTIFY_UNKNOWN_SIZE ||                 \
+   (__builtin_constant_p(index) && bos_val op index && (cond)))
+
 #define __bos_dynamic_check_impl(bos_val, op, index) \
-  (bos_val == __BIONIC_FORTIFY_UNKNOWN_SIZE || (__builtin_constant_p(index) && bos_val op index))
+  __bos_dynamic_check_impl_and(bos_val, op, index, 1)
+
+#define __bos_trivially_geq(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index))
+
+#define __bos_trivially_gt(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index))
 
 /* The names here are meant to match nicely with the __bos_unevaluated macros above. */
-#define __bos_trivially_not_lt(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index))
-#define __bos_trivially_not_leq(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index))
+#define __bos_trivially_not_lt __bos_trivially_geq
+#define __bos_trivially_not_leq __bos_trivially_gt
+
 
 #if defined(__BIONIC_FORTIFY) || defined(__BIONIC_DECLARE_FORTIFY_HELPERS)
 #  define __BIONIC_INCLUDE_FORTIFY_HEADERS 1