From 04f02ac6b2ce496b86642987bb7e25d21b52a5b6 Mon Sep 17 00:00:00 2001 From: Kim Barrett Date: Wed, 8 Jun 2022 19:16:46 +0000 Subject: [PATCH] 8214976: Warn about uses of functions replaced for portability Reviewed-by: dholmes, tschatzl, coleenp --- src/hotspot/os/posix/os_posix.cpp | 8 ++-- src/hotspot/os/windows/os_windows.cpp | 6 +-- src/hotspot/share/jvmci/jvmciEnv.cpp | 4 +- src/hotspot/share/runtime/vmThread.cpp | 4 +- .../share/utilities/compilerWarnings.hpp | 23 +++++++++++- .../share/utilities/compilerWarnings_gcc.hpp | 24 +++++++++++- .../utilities/compilerWarnings_visCPP.hpp | 37 ++++++++++++++++++- .../share/utilities/globalDefinitions.hpp | 13 +++++++ test/hotspot/gtest/gtestMain.cpp | 15 ++++---- test/hotspot/gtest/unittest.cpp | 31 ++++++++++++++++ test/hotspot/gtest/unittest.hpp | 15 +++++--- 11 files changed, 153 insertions(+), 27 deletions(-) create mode 100644 test/hotspot/gtest/unittest.cpp diff --git a/src/hotspot/os/posix/os_posix.cpp b/src/hotspot/os/posix/os_posix.cpp index 1e03ed2e731..9fe1028c3f4 100644 --- a/src/hotspot/os/posix/os_posix.cpp +++ b/src/hotspot/os/posix/os_posix.cpp @@ -415,7 +415,7 @@ char* os::map_memory_to_file_aligned(size_t size, size_t alignment, int file_des int os::vsnprintf(char* buf, size_t len, const char* fmt, va_list args) { // All supported POSIX platforms provide C99 semantics. - int result = ::vsnprintf(buf, len, fmt, args); + ALLOW_C_FUNCTION(::vsnprintf, int result = ::vsnprintf(buf, len, fmt, args);) // If an encoding error occurred (result < 0) then it's not clear // whether the buffer is NUL terminated, so ensure it is. if ((result < 0) && (len > 0)) { @@ -783,11 +783,11 @@ struct hostent* os::get_host_by_name(char* name) { } void os::exit(int num) { - ::exit(num); + ALLOW_C_FUNCTION(::exit, ::exit(num);) } void os::_exit(int num) { - ::_exit(num); + ALLOW_C_FUNCTION(::_exit, ::_exit(num);) } // Builds a platform dependent Agent_OnLoad_ function name @@ -2003,7 +2003,7 @@ void os::abort(bool dump_core, void* siginfo, const void* context) { LINUX_ONLY(if (DumpPrivateMappingsInCore) ClassLoader::close_jrt_image();) ::abort(); // dump core } - ::_exit(1); + os::_exit(1); } // Die immediately, no exit hook, no abort hook, no cleanup. diff --git a/src/hotspot/os/windows/os_windows.cpp b/src/hotspot/os/windows/os_windows.cpp index 1bd31cf4216..b45dcc48b92 100644 --- a/src/hotspot/os/windows/os_windows.cpp +++ b/src/hotspot/os/windows/os_windows.cpp @@ -1686,7 +1686,7 @@ void os::get_summary_os_info(char* buf, size_t buflen) { int os::vsnprintf(char* buf, size_t len, const char* fmt, va_list args) { #if _MSC_VER >= 1900 // Starting with Visual Studio 2015, vsnprint is C99 compliant. - int result = ::vsnprintf(buf, len, fmt, args); + ALLOW_C_FUNCTION(::vsnprintf, int result = ::vsnprintf(buf, len, fmt, args);) // If an encoding error occurred (result < 0) then it's not clear // whether the buffer is NUL terminated, so ensure it is. if ((result < 0) && (len > 0)) { @@ -4139,9 +4139,9 @@ int os::win32::exit_process_or_thread(Ept what, int exit_code) { if (what == EPT_THREAD) { _endthreadex((unsigned)exit_code); } else if (what == EPT_PROCESS) { - ::exit(exit_code); + ALLOW_C_FUNCTION(::exit, ::exit(exit_code);) } else { // EPT_PROCESS_DIE - ::_exit(exit_code); + ALLOW_C_FUNCTION(::_exit, ::_exit(exit_code);) } // Should not reach here diff --git a/src/hotspot/share/jvmci/jvmciEnv.cpp b/src/hotspot/share/jvmci/jvmciEnv.cpp index a6e8f2496a3..4561a874f27 100644 --- a/src/hotspot/share/jvmci/jvmciEnv.cpp +++ b/src/hotspot/share/jvmci/jvmciEnv.cpp @@ -39,6 +39,7 @@ #include "runtime/deoptimization.hpp" #include "runtime/jniHandles.inline.hpp" #include "runtime/javaCalls.hpp" +#include "runtime/os.hpp" #include "jvmci/jniAccessMark.inline.hpp" #include "jvmci/jvmciCompiler.hpp" #include "jvmci/jvmciRuntime.hpp" @@ -730,8 +731,7 @@ void JVMCIEnv::fthrow_error(const char* file, int line, const char* format, ...) va_list ap; va_start(ap, format); char msg[max_msg_size]; - vsnprintf(msg, max_msg_size, format, ap); - msg[max_msg_size-1] = '\0'; + os::vsnprintf(msg, max_msg_size, format, ap); va_end(ap); JavaThread* THREAD = JavaThread::current(); if (is_hotspot()) { diff --git a/src/hotspot/share/runtime/vmThread.cpp b/src/hotspot/share/runtime/vmThread.cpp index 54192e6a7d7..8b6430952a3 100644 --- a/src/hotspot/share/runtime/vmThread.cpp +++ b/src/hotspot/share/runtime/vmThread.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -385,7 +385,7 @@ static void self_destruct_if_needed() { if ((SelfDestructTimer != 0.0) && !VMError::is_error_reported() && (os::elapsedTime() > SelfDestructTimer * 60.0)) { tty->print_cr("VM self-destructed"); - exit(-1); + os::exit(-1); } } diff --git a/src/hotspot/share/utilities/compilerWarnings.hpp b/src/hotspot/share/utilities/compilerWarnings.hpp index bea99d69ebb..d1fca37c697 100644 --- a/src/hotspot/share/utilities/compilerWarnings.hpp +++ b/src/hotspot/share/utilities/compilerWarnings.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -70,4 +70,25 @@ #define PRAGMA_NONNULL_IGNORED #endif +// Support warnings for use of certain C functions, except where explicitly +// permitted. +// +// FORBID_C_FUNCTION(signature, alternative) +// - signature: the function that should not normally be used. +// - alternative: a string that may be used in a warning about a use, typically +// suggesting an alternative. +// +// ALLOW_C_FUNCTION(name, ... using statement ...) +// - name: the name of a forbidden function whose use is permitted in statement. +// - statement: a use of the otherwise forbidden function. Using a variadic +// tail allows the statement to contain non-nested commas. + +#ifndef FORBID_C_FUNCTION +#define FORBID_C_FUNCTION(signature, alternative) +#endif + +#ifndef ALLOW_C_FUNCTION +#define ALLOW_C_FUNCTION(name, ...) __VA_ARGS__ +#endif + #endif // SHARE_UTILITIES_COMPILERWARNINGS_HPP diff --git a/src/hotspot/share/utilities/compilerWarnings_gcc.hpp b/src/hotspot/share/utilities/compilerWarnings_gcc.hpp index b76e7fa7e1b..c8cfcdae1d2 100644 --- a/src/hotspot/share/utilities/compilerWarnings_gcc.hpp +++ b/src/hotspot/share/utilities/compilerWarnings_gcc.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,4 +63,26 @@ #endif // clang/gcc version check +#if (__GNUC__ >= 9) || (__clang_major__ >= 14) + +// Use "warning" attribute to detect uses of "forbidden" functions. +// +// Note: _FORTIFY_SOURCE transforms calls to certain functions into calls to +// associated "checking" functions, and that transformation seems to occur +// *before* the attribute check. We use fortification in fastdebug builds, +// so uses of functions that are both forbidden and fortified won't cause +// forbidden warnings in such builds. +#define FORBID_C_FUNCTION(signature, alternative) \ + extern "C" __attribute__((__warning__(alternative))) signature; + +// Disable warning attribute over the scope of the affected statement. +// The name serves only to document the intended function. +#define ALLOW_C_FUNCTION(name, ...) \ + PRAGMA_DIAG_PUSH \ + PRAGMA_DISABLE_GCC_WARNING("-Wattribute-warning") \ + __VA_ARGS__ \ + PRAGMA_DIAG_POP + +#endif // gcc9+ or clang14+ + #endif // SHARE_UTILITIES_COMPILERWARNINGS_GCC_HPP diff --git a/src/hotspot/share/utilities/compilerWarnings_visCPP.hpp b/src/hotspot/share/utilities/compilerWarnings_visCPP.hpp index 1df94622b1d..0b52fa5adf3 100644 --- a/src/hotspot/share/utilities/compilerWarnings_visCPP.hpp +++ b/src/hotspot/share/utilities/compilerWarnings_visCPP.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,4 +30,39 @@ #define PRAGMA_DISABLE_MSVC_WARNING(num) __pragma(warning(disable : num)) +// The Visual Studio implementation of FORBID_C_FUNCTION explicitly does +// nothing, because there doesn't seem to be a way to implement it for Visual +// Studio. What seems the most likely approach is to use deprecation warnings, +// but that runs into problems. +// +// (1) Declaring the function deprecated (using either __declspec(deprecated) +// or the C++14 [[deprecated]] attribute) fails with warnings like this: +// warning C4273: 'exit': inconsistent dll linkage +// It seems attributes are not simply additive with this compiler. +// +// (2) Additionally adding __declspec(dllimport) to deal with (1) fails with +// warnings like this: +// error C2375: 'vsnprintf': redefinition; different linkage +// It seems some functions in the set of interest have different linkage than +// others ("exit" is marked imported while "vsnprintf" is not, for example). +// That makes it difficult to provide a generic macro. +// +// (3) Using __pragma(deprecated(name)) fails with +// warning C4995: 'frobnicate': name was marked as #pragma deprecated +// for a *declaration* (not a use) of a 'frobnicate' function. +// +// ALLOW_C_FUNCTIONS disables deprecation warnings over the statement scope. +// Some of the functions we're interested in allowing are conditionally +// deprecated on Windows, under the control of various preprocessor defines +// such as _CRT_SECURE_NO_WARNINGS. Annotating vetted uses allows those +// warnings to catch unchecked uses. + +#define FORBID_C_FUNCTION(signature, alternative) + +#define ALLOW_C_FUNCTION(name, ...) \ + PRAGMA_DIAG_PUSH \ + PRAGMA_DISABLE_MSVC_WARNING(4996) \ + __VA_ARGS__ \ + PRAGMA_DIAG_POP + #endif // SHARE_UTILITIES_COMPILERWARNINGS_VISCPP_HPP diff --git a/src/hotspot/share/utilities/globalDefinitions.hpp b/src/hotspot/share/utilities/globalDefinitions.hpp index 50b219b9280..d13164f4202 100644 --- a/src/hotspot/share/utilities/globalDefinitions.hpp +++ b/src/hotspot/share/utilities/globalDefinitions.hpp @@ -156,6 +156,19 @@ inline intptr_t p2i(const volatile void* p) { return (intptr_t) p; } + +//---------------------------------------------------------------------------------------------------- +// Forbid the use of various C library functions. +// Some of these have os:: replacements that should normally be used instead. +// Others are considered security concerns, with preferred alternatives. + +FORBID_C_FUNCTION(void exit(int), "use os::exit"); +FORBID_C_FUNCTION(void _exit(int), "use os::exit"); +FORBID_C_FUNCTION(char* strerror(int), "use os::strerror"); +FORBID_C_FUNCTION(char* strtok(char*, const char*), "use strtok_r"); +FORBID_C_FUNCTION(int vsprintf(char*, const char*, va_list), "use os::vsnprintf"); +FORBID_C_FUNCTION(int vsnprintf(char*, size_t, const char*, va_list), "use os::vsnprintf"); + //---------------------------------------------------------------------------------------------------- // Constants diff --git a/test/hotspot/gtest/gtestMain.cpp b/test/hotspot/gtest/gtestMain.cpp index 2fa875efaf5..4ed28beaac7 100644 --- a/test/hotspot/gtest/gtestMain.cpp +++ b/test/hotspot/gtest/gtestMain.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,7 @@ #include "jni.h" #include "unittest.hpp" +#include "runtime/os.hpp" #include "runtime/thread.inline.hpp" // Default value for -new-thread option: true on AIX because we run into @@ -123,7 +124,7 @@ class JVMInitializerListener : public ::testing::EmptyTestEventListener { int ret_val = init_jvm(_argc, _argv, false, &_jvm); if (ret_val != 0) { ADD_FAILURE() << "Could not initialize the JVM: " << ret_val; - exit(1); + os::exit(1); } } } @@ -245,7 +246,7 @@ static void runUnitTestsInner(int argc, char** argv) { char* java_home = get_java_home_arg(argc, argv); if (java_home == NULL) { fprintf(stderr, "ERROR: You must specify a JDK to use for running the unit tests.\n"); - exit(1); + os::exit(1); } #ifndef _WIN32 int overwrite = 1; // overwrite an eventual existing value for JAVA_HOME @@ -294,7 +295,7 @@ static void runUnitTestsInner(int argc, char** argv) { if (result != 0) { fprintf(stderr, "ERROR: RUN_ALL_TESTS() failed. Error %d\n", result); - exit(2); + os::exit(2); } if (jvm_listener != NULL) { @@ -323,7 +324,7 @@ static void run_in_new_thread(const args_t* args) { hdl = CreateThread(NULL, STACK_SIZE, thread_wrapper, (void*)args, 0, NULL); if (hdl == NULL) { fprintf(stderr, "Failed to create main thread\n"); - exit(2); + os::exit(2); } WaitForSingleObject(hdl, INFINITE); } @@ -345,12 +346,12 @@ static void run_in_new_thread(const args_t* args) { if (pthread_create(&tid, &attr, thread_wrapper, (void*)args) != 0) { fprintf(stderr, "Failed to create main thread\n"); - exit(2); + os::exit(2); } if (pthread_join(tid, NULL) != 0) { fprintf(stderr, "Failed to join main thread\n"); - exit(2); + os::exit(2); } } diff --git a/test/hotspot/gtest/unittest.cpp b/test/hotspot/gtest/unittest.cpp new file mode 100644 index 00000000000..a7e07415c00 --- /dev/null +++ b/test/hotspot/gtest/unittest.cpp @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +#include "precompiled.hpp" +#include "runtime/os.hpp" + +extern void gtest_exit_from_child_vm(int num); + +void gtest_exit_from_child_vm(int num) { + os::exit(num); +} diff --git a/test/hotspot/gtest/unittest.hpp b/test/hotspot/gtest/unittest.hpp index fefcc8efc39..eb8973b3ca5 100644 --- a/test/hotspot/gtest/unittest.hpp +++ b/test/hotspot/gtest/unittest.hpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -68,6 +68,9 @@ #endif #endif +// Wrapper around os::exit so we don't need to include os.hpp here. +extern void gtest_exit_from_child_vm(int num); + #define CONCAT(a, b) a ## b #define TEST(category, name) GTEST_TEST(category, name) @@ -94,7 +97,7 @@ } \ } \ fprintf(stderr, "OKIDOKI"); \ - exit(0); \ + gtest_exit_from_child_vm(0); \ } \ \ TEST(category, CONCAT(name, _other_vm)) { \ @@ -112,7 +115,7 @@ static void child_ ## category ## _ ## name ## _() { \ ::testing::GTEST_FLAG(throw_on_failure) = true; \ test_ ## category ## _ ## name ## _(); \ - exit(0); \ + gtest_exit_from_child_vm(0); \ } \ \ TEST(category, CONCAT(name, _vm_assert)) { \ @@ -134,7 +137,7 @@ static void child_ ## category ## _ ## name ## _() { \ ::testing::GTEST_FLAG(throw_on_failure) = true; \ test_ ## category ## _ ## name ## _(); \ - exit(0); \ + gtest_exit_from_child_vm(0); \ } \ \ TEST(category, CONCAT(name, _vm_assert)) { \ @@ -155,13 +158,13 @@ static void child_ ## category ## _ ## name ## _() { \ ::testing::GTEST_FLAG(throw_on_failure) = true; \ test_ ## category ## _ ## name ## _(); \ - exit(0); \ + gtest_exit_from_child_vm(0); \ } \ \ TEST(category, CONCAT(name, _vm_assert)) { \ ASSERT_EXIT(child_ ## category ## _ ## name ## _(), \ ::testing::ExitedWithCode(1), \ - msg); \ + msg); \ } \ \ void test_ ## category ## _ ## name ## _()