author | Jean-Marc Valin <jmvalin@jmvalin.ca> | 2018-03-22 17:40:35 -0400 |
---|---|---|
committer | Jean-Marc Valin <jmvalin@jmvalin.ca> | 2018-03-27 15:13:25 -0400 |
commit | ef203135b49eb37327fb6884c272108fef485e0d (patch) | |
tree | 512145c932ab2cbb1f1158b986091b9b6ca52bf0 | |
parent | 9b092dd388a98f8ceb8ec703fe2b757e88e96ec0 (diff) | |
Adding ENABLE_HARDENING
Enables "safe" assertions even when ENABLE_ASSERTIONS isn't set
-rw-r--r-- | Makefile.am | 10 | ||||
-rw-r--r-- | celt/arch.h | 25 | ||||
-rw-r--r-- | celt/arm/celt_neon_intr.c | 2 | ||||
-rw-r--r-- | celt/bands.c | 6 | ||||
-rw-r--r-- | celt/cwrs.c | 2 | ||||
-rw-r--r-- | celt/entcode.h | 4 | ||||
-rw-r--r-- | celt/mathops.c | 2 | ||||
-rw-r--r-- | celt/mathops.h | 2 | ||||
-rw-r--r-- | celt/pitch.c | 2 | ||||
-rw-r--r-- | celt/quant_bands.c | 2 | ||||
-rw-r--r-- | celt/tests/test_unit_entropy.c | 1 | ||||
-rw-r--r-- | celt/tests/test_unit_laplace.c | 2 | ||||
-rw-r--r-- | celt/tests/test_unit_rotation.c | 2 | ||||
-rw-r--r-- | celt/vq.c | 4 | ||||
-rw-r--r-- | celt/x86/vq_sse2.c | 2 | ||||
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | tests/test_opus_projection.c | 10 |
17 files changed, 57 insertions, 30 deletions
diff --git a/Makefile.am b/Makefile.am
index f25a9505..9c09decd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -143,11 +143,15 @@ tests_test_opus_decode_LDADD = libopus.la $(NE10_LIBS) $(LIBM)
 tests_test_opus_padding_SOURCES = tests/test_opus_padding.c tests/test_opus_common.h
 tests_test_opus_padding_LDADD = libopus.la $(NE10_LIBS) $(LIBM)
-tests_test_opus_projection_SOURCES = tests/test_opus_projection.c tests/test_opus_common.h
-tests_test_opus_projection_LDADD = libopus.la $(NE10_LIBS) $(LIBM)
-
 CELT_OBJ = $(CELT_SOURCES:.c=.lo)
 SILK_OBJ = $(SILK_SOURCES:.c=.lo)
+OPUS_OBJ = $(OPUS_SOURCES:.c=.lo)
+
+tests_test_opus_projection_SOURCES = tests/test_opus_projection.c tests/test_opus_common.h
+tests_test_opus_projection_LDADD = $(OPUS_OBJ) $(SILK_OBJ) $(CELT_OBJ) $(NE10_LIBS) $(LIBM)
+if OPUS_ARM_EXTERNAL_ASM
+tests_test_opus_projection_LDADD += libarmasm.la
+endif
 silk_tests_test_unit_LPC_inv_pred_gain_SOURCES = silk/tests/test_unit_LPC_inv_pred_gain.c
 silk_tests_test_unit_LPC_inv_pred_gain_LDADD = $(SILK_OBJ) $(CELT_OBJ) $(NE10_LIBS) $(LIBM)
diff --git a/celt/arch.h b/celt/arch.h
index d1e6457c..ffca8cf3 100644
--- a/celt/arch.h
+++ b/celt/arch.h
@@ -56,25 +56,40 @@
 #define CELT_SIG_SCALE 32768.f
-#define celt_fatal(str) _celt_fatal(str, __FILE__, __LINE__);
-#ifdef ENABLE_ASSERTIONS
+#define CELT_FATAL(str) celt_fatal(str, __FILE__, __LINE__);
+
+#if defined(ENABLE_ASSERTIONS) || defined(ENABLE_HARDENING)
+#ifdef __GNUC__
+__attribute__((noreturn))
+#endif
+void celt_fatal(const char *str, const char *file, int line);
+
+#if defined(CELT_C) && !defined(OVERRIDE_celt_fatal)
 #include <stdio.h>
 #include <stdlib.h>
 #ifdef __GNUC__
 __attribute__((noreturn))
 #endif
-static OPUS_INLINE void _celt_fatal(const char *str, const char *file, int line)
+void celt_fatal(const char *str, const char *file, int line)
 {
 fprintf (stderr, "Fatal (internal) error in %s, line %d: %s\n", file, line, str);
 abort();
 }
-#define celt_assert(cond) {if (!(cond)) {celt_fatal("assertion failed: " #cond);}}
-#define celt_assert2(cond, message) {if (!(cond)) {celt_fatal("assertion failed: " #cond "\n" message);}}
+#endif
+
+#define celt_assert(cond) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond);}}
+#define celt_assert2(cond, message) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond "\n" message);}}
 #else
 #define celt_assert(cond)
 #define celt_assert2(cond, message)
 #endif
+#if defined(ENABLE_ASSERTIONS)
+#define celt_sig_assert(cond) {if (!(cond)) {CELT_FATAL("signal assertion failed: " #cond);}}
+#else
+#define celt_sig_assert(cond)
+#endif
+
 #define IMUL32(a,b) ((a)*(b))
 #define MIN16(a,b) ((a) < (b) ? (a) : (b)) /**< Minimum 16-bit value. */
diff --git a/celt/arm/celt_neon_intr.c b/celt/arm/celt_neon_intr.c
index cf443988..effda769 100644
--- a/celt/arm/celt_neon_intr.c
+++ b/celt/arm/celt_neon_intr.c
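Review bot: The rule that decides whether a check is a `celt_assert` (kept under ENABLE_HARDENING) or a `celt_sig_assert` (compiled out unless ENABLE_ASSERTIONS is set) is not written down next to the macros in celt/arch.h, so a contributor adding a new bounds or state check has no guidance on which one to use. A comment above `celt_sig_assert` would close that gap, for example `/* celt_sig_assert: conditions on signal-dependent values; checked only with ENABLE_ASSERTIONS, not in hardened builds. */`; the exact criterion should be confirmed by the author, since it is only implied by the "signal assertion failed" string. It is also worth stating beside `OVERRIDE_celt_fatal` that a replacement `celt_fatal()` must not return, because the assert macros rely on it to stop execution and the `noreturn` attribute is applied only under `__GNUC__`.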
@@ -196,7 +196,7 @@ void celt_pitch_xcorr_float_neon(const opus_val16 *_x, const opus_val16 *_y,
 int i;
 (void)arch;
 celt_assert(max_pitch > 0);
- celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
+ celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
 for (i = 0; i < (max_pitch-3); i += 4) {
 xcorr_kernel_neon_float((const float32_t *)_x, (const float32_t *)_y+i,
diff --git a/celt/bands.c b/celt/bands.c
index 19a5f1af..52228f7d 100644
--- a/celt/bands.c
+++ b/celt/bands.c
@@ -70,10 +70,10 @@ opus_int16 bitexact_cos(opus_int16 x)
 opus_int32 tmp;
 opus_int16 x2;
 tmp = (4096+((opus_int32)(x)*(x)))>>13;
- celt_assert(tmp<=32767);
+ celt_sig_assert(tmp<=32767);
 x2 = tmp;
 x2 = (32767-x2) + FRAC_MUL16(x2, (-7651 + FRAC_MUL16(x2, (8277 + FRAC_MUL16(-626, x2)))));
- celt_assert(x2<=32766);
+ celt_sig_assert(x2<=32766);
 return 1+x2;
 }
@@ -282,7 +282,7 @@ void anti_collapse(const CELTMode *m, celt_norm *X_, unsigned char *collapse_mas
 N0 = m->eBands[i+1]-m->eBands[i];
 /* depth in 1/8 bits */
- celt_assert(pulses[i]>=0);
+ celt_sig_assert(pulses[i]>=0);
 depth = celt_udiv(1+pulses[i], (m->eBands[i+1]-m->eBands[i]))>>LM;
 #ifdef FIXED_POINT
diff --git a/celt/cwrs.c b/celt/cwrs.c
index 9722f0ac..a552e4f0 100644
--- a/celt/cwrs.c
+++ b/celt/cwrs.c
@@ -482,7 +482,7 @@ static opus_val32 cwrsi(int _n,int _k,opus_uint32 _i,int *_y){
 k0=_k;
 q=row[_n];
 if(q>_i){
- celt_assert(p>q);
+ celt_sig_assert(p>q);
 _k=_n;
 do p=CELT_PVQ_U_ROW[--_k][_n];
 while(p>_i);
diff --git a/celt/entcode.h b/celt/entcode.h
index 13d6c84e..3763e3f2 100644
--- a/celt/entcode.h
+++ b/celt/entcode.h
@@ -122,7 +122,7 @@ opus_uint32 ec_tell_frac(ec_ctx *_this);
 /* Tested exhaustively for all n and for 1<=d<=256 */
 static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) {
- celt_assert(d>0);
+ celt_sig_assert(d>0);
 #ifdef USE_SMALL_DIV_TABLE
 if (d>256)
 return n/d;
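Review bot: The alignment check kept as `celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);` in celt_pitch_xcorr_float_neon() subtracts a null pointer from `_x`, which is undefined behaviour in C because the two operands do not point into the same object; the identical line in celt_pitch_xcorr_c() (celt/pitch.c) has the same problem. Since both lines are being touched anyway, testing the address as an integer avoids it: `celt_sig_assert(((size_t)_x&3)==0);`. The function body starts and continues outside the hunk.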
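Review bot: In celt_udiv() the `d>0` guard becomes a `celt_sig_assert`, so a build with only ENABLE_HARDENING no longer rejects a zero divisor before the division code that follows; celt_sudiv() in the next hunk of celt/entcode.h gets the same change. That is acceptable only if no caller can derive `d` from decoded data, which these hunks do not show. Please record the reasoning in a short comment above the assertion stating where `d` comes from, or keep `celt_assert(d>0);` in one of the two functions. Both bodies continue outside their hunks.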
@@ -138,7 +138,7 @@ static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) {
 }
 static OPUS_INLINE opus_int32 celt_sudiv(opus_int32 n, opus_int32 d) {
- celt_assert(d>0);
+ celt_sig_assert(d>0);
 #ifdef USE_SMALL_DIV_TABLE
 if (n<0)
 return -(opus_int32)celt_udiv(-n, d);
diff --git a/celt/mathops.c b/celt/mathops.c
index 21a01f52..78b52cc8 100644
--- a/celt/mathops.c
+++ b/celt/mathops.c
@@ -182,7 +182,7 @@ opus_val32 celt_rcp(opus_val32 x)
 int i;
 opus_val16 n;
 opus_val16 r;
- celt_assert2(x>0, "celt_rcp() only defined for positive values");
+ celt_sig_assert(x>0);
 i = celt_ilog2(x);
 /* n is Q15 with range [0,1). */
 n = VSHR32(x,i-15)-32768;
diff --git a/celt/mathops.h b/celt/mathops.h
index 5324c18a..5e86ff0d 100644
--- a/celt/mathops.h
+++ b/celt/mathops.h
@@ -179,7 +179,7 @@ static OPUS_INLINE float celt_exp2(float x)
 /** Integer log in base2. Undefined for zero and negative numbers */
 static OPUS_INLINE opus_int16 celt_ilog2(opus_int32 x)
 {
- celt_assert2(x>0, "celt_ilog2() only defined for strictly positive numbers");
+ celt_sig_assert(x>0);
 return EC_ILOG(x)-1;
 }
 #endif
diff --git a/celt/pitch.c b/celt/pitch.c
index 38a9e68d..872582a4 100644
--- a/celt/pitch.c
+++ b/celt/pitch.c
@@ -249,7 +249,7 @@ celt_pitch_xcorr_c(const opus_val16 *_x, const opus_val16 *_y,
 opus_val32 maxcorr=1;
 #endif
 celt_assert(max_pitch>0);
- celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
+ celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
 for (i=0;i<max_pitch-3;i+=4)
 {
 opus_val32 sum[4]={0,0,0,0};
diff --git a/celt/quant_bands.c b/celt/quant_bands.c
index 56101b1c..39a221ed 100644
--- a/celt/quant_bands.c
+++ b/celt/quant_bands.c
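Review bot: Replacing `celt_assert2(x>0, "celt_rcp() only defined for positive values")` with `celt_sig_assert(x>0)` in celt_rcp() removes the only statement of the function's domain visible in this hunk. The op_pvq_search_c() and op_pvq_search_sse2() hunks lose their "Allocated too many pulses in the quick pass" and "Not enough pulses in the quick pass" messages the same way, while celt_ilog2() in celt/mathops.h at least keeps its doc comment. Either keep the text as a comment above the assertion, e.g. `/* celt_rcp() is only defined for positive values */`, or add a two-argument `celt_sig_assert2(cond, message)` next to `celt_sig_assert` in celt/arch.h so the diagnostics survive.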
@@ -457,7 +457,7 @@ void unquant_coarse_energy(const CELTMode *m, int start, int end, opus_val16 *ol
 /* It would be better to express this invariant as a test on C at function entry, but that isn't enough to make the static analyzer happy. */
- celt_assert(c<2);
+ celt_sig_assert(c<2);
 tell = ec_tell(dec);
 if(budget-tell>=15)
 {
diff --git a/celt/tests/test_unit_entropy.c b/celt/tests/test_unit_entropy.c
index ff926586..7f674529 100644
--- a/celt/tests/test_unit_entropy.c
+++ b/celt/tests/test_unit_entropy.c
@@ -34,6 +34,7 @@
 #include <stdio.h>
 #include <math.h>
 #include <time.h>
+#define CELT_C
 #include "entcode.h"
 #include "entenc.h"
 #include "entdec.h"
diff --git a/celt/tests/test_unit_laplace.c b/celt/tests/test_unit_laplace.c
index 22951e29..727bf012 100644
--- a/celt/tests/test_unit_laplace.c
+++ b/celt/tests/test_unit_laplace.c
@@ -31,8 +31,8 @@
 #include <stdio.h>
 #include <stdlib.h>
-#include "laplace.h"
 #define CELT_C
+#include "laplace.h"
 #include "stack_alloc.h"
 #include "entenc.c"
diff --git a/celt/tests/test_unit_rotation.c b/celt/tests/test_unit_rotation.c
index 267b9830..8a31b3f2 100644
--- a/celt/tests/test_unit_rotation.c
+++ b/celt/tests/test_unit_rotation.c
@@ -33,8 +33,6 @@
 #define CUSTOM_MODES
 #endif
-#define CELT_C
-
 #include <stdio.h>
 #include <stdlib.h>
 #include "vq.h"
@@ -230,12 +230,12 @@ opus_val16 op_pvq_search_c(celt_norm *X, int *iy, int K, int N, int arch)
 pulsesLeft -= iy[j];
 } while (++j<N);
 }
- celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass");
+ celt_sig_assert(pulsesLeft>=0);
 /* This should never happen, but just in case it does (e.g. on silence) we fill the first bin with pulses. */
 #ifdef FIXED_POINT_DEBUG
- celt_assert2(pulsesLeft<=N+3, "Not enough pulses in the quick pass");
+ celt_sig_assert(pulsesLeft<=N+3);
 #endif
 if (pulsesLeft > N+3)
 {
diff --git a/celt/x86/vq_sse2.c b/celt/x86/vq_sse2.c
index 6a317703..77504286 100644
--- a/celt/x86/vq_sse2.c
+++ b/celt/x86/vq_sse2.c
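Review bot: `celt_sig_assert(c<2)` in unquant_coarse_energy() is classified as a signal assertion, but the comment directly above it describes an invariant on the channel count that is kept for the static analyzer, not a property of the decoded signal. If `c` is used further down to index per-channel storage (not visible in this hunk), this is the kind of bounds check ENABLE_HARDENING is meant to keep, so `celt_assert(c<2);` looks like the better fit here. The enclosing function starts and ends outside the hunk.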
@@ -135,7 +135,7 @@ opus_val16 op_pvq_search_sse2(celt_norm *_X, int *iy, int K, int N, int arch)
 }
 X[N] = X[N+1] = X[N+2] = -100;
 y[N] = y[N+1] = y[N+2] = 100;
- celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass");
+ celt_sig_assert(pulsesLeft>=0);
 /* This should never happen, but just in case it does (e.g. on silence) we fill the first bin with pulses. */
diff --git a/configure.ac b/configure.ac
index 3bd683b3..4b416fe5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -759,6 +759,14 @@ AS_IF([test "$enable_assertions" = "yes"], [
 AC_DEFINE([ENABLE_ASSERTIONS], [1], [Assertions])
 ])
+AC_ARG_ENABLE([hardening],
+ [AS_HELP_STRING([--enable-hardening],[enable run-time checks that are cheap and safe for use in production])],,
+ [enable_hardening=no])
+
+AS_IF([test "$enable_hardening" = "yes"], [
+ AC_DEFINE([ENABLE_HARDENING], [1], [Hardening])
+])
+
 AC_ARG_ENABLE([fuzzing],
 [AS_HELP_STRING([--enable-fuzzing],[causes the encoder to make random decisions])],,
 [enable_fuzzing=no])
@@ -919,6 +927,7 @@ AC_MSG_NOTICE([
 Run-time CPU detection: ........ ${rtcd_support}
 Custom modes: .................. ${enable_custom_modes}
 Assertion checking: ............ ${enable_assertions}
+ Hardening: ..................... ${enable_hardening}
 Fuzzing: ....................... ${enable_fuzzing}
 Check ASM: ..................... ${enable_check_asm}
 Ambisonics support: ............ ${enable_ambisonics}
diff --git a/tests/test_opus_projection.c b/tests/test_opus_projection.c
index 3068cd38..6679a0e7 100644
--- a/tests/test_opus_projection.c
+++ b/tests/test_opus_projection.c
@@ -39,8 +39,8 @@
 #include "test_opus_common.h"
 #include "opus_projection.h"
 #include "mathops.h"
-#include "../src/mapping_matrix.c"
-#include "mathops.c"
+#include "../src/mapping_matrix.h"
+#include "mathops.h"
 #ifdef ENABLE_EXPERIMENTAL_AMBISONICS
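Review bot: `--enable-hardening` is introduced with `[enable_hardening=no]` in the first configure.ac hunk, so the checks that its own help string calls "cheap and safe for use in production" stay off unless every packager opts in. Consider making it the default, `[enable_hardening=yes]` with the help entry changed to `--disable-hardening`, or at least say in the help string that the option is off by default. Only configure.ac is visible on this page; any other build description the project ships would need the same ENABLE_HARDENING switch.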
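Review bot: After the first hunk of tests/test_opus_projection.c the file includes `"mathops.h"` twice in a row, because the context line above the removed includes already has it and `#include "mathops.c"` was rewritten to `#include "mathops.h"` instead of being deleted. The header is presumably guarded, so nothing breaks, but the added `#include "mathops.h"` line can simply be dropped.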
@@ -103,9 +103,9 @@ void test_simple_matrix(void)
 MappingMatrix *simple_matrix;
 /* Allocate input/output buffers. */
- input_val16 = (opus_val16 *)opus_alloc(align(sizeof(opus_val16) * SIMPLE_MATRIX_INPUT_SIZE));
- output_int16 = (opus_int16 *)opus_alloc(align(sizeof(opus_int16) * SIMPLE_MATRIX_OUTPUT_SIZE));
- output_val16 = (opus_val16 *)opus_alloc(align(sizeof(opus_val16) * SIMPLE_MATRIX_OUTPUT_SIZE));
+ input_val16 = (opus_val16 *)opus_alloc(sizeof(opus_val16) * SIMPLE_MATRIX_INPUT_SIZE);
+ output_int16 = (opus_int16 *)opus_alloc(sizeof(opus_int16) * SIMPLE_MATRIX_OUTPUT_SIZE);
+ output_val16 = (opus_val16 *)opus_alloc(sizeof(opus_val16) * SIMPLE_MATRIX_OUTPUT_SIZE);
 /* Initialize matrix */
 simple_matrix_size = mapping_matrix_get_size(simple_matrix_params.rows, |