ref: ef203135b49eb37327fb6884c272108fef485e0d
parent: 9b092dd388a98f8ceb8ec703fe2b757e88e96ec0
author: Jean-Marc Valin <[email protected]>
date: Thu Mar 22 13:40:35 EDT 2018
Adding ENABLE_HARDENING Enables "safes" assertions even with ENABLE_ASSERTIONS isn't set
--- a/Makefile.am
+++ b/Makefile.am
@@ -143,11 +143,15 @@
tests_test_opus_padding_SOURCES = tests/test_opus_padding.c tests/test_opus_common.h
tests_test_opus_padding_LDADD = libopus.la $(NE10_LIBS) $(LIBM)
-tests_test_opus_projection_SOURCES = tests/test_opus_projection.c tests/test_opus_common.h
-tests_test_opus_projection_LDADD = libopus.la $(NE10_LIBS) $(LIBM)
-
CELT_OBJ = $(CELT_SOURCES:.c=.lo)
SILK_OBJ = $(SILK_SOURCES:.c=.lo)
+OPUS_OBJ = $(OPUS_SOURCES:.c=.lo)
+
+tests_test_opus_projection_SOURCES = tests/test_opus_projection.c tests/test_opus_common.h
+tests_test_opus_projection_LDADD = $(OPUS_OBJ) $(SILK_OBJ) $(CELT_OBJ) $(NE10_LIBS) $(LIBM)
+if OPUS_ARM_EXTERNAL_ASM
+tests_test_opus_projection_LDADD += libarmasm.la
+endif
silk_tests_test_unit_LPC_inv_pred_gain_SOURCES = silk/tests/test_unit_LPC_inv_pred_gain.c
silk_tests_test_unit_LPC_inv_pred_gain_LDADD = $(SILK_OBJ) $(CELT_OBJ) $(NE10_LIBS) $(LIBM)
--- a/celt/arch.h
+++ b/celt/arch.h
@@ -56,23 +56,38 @@
#define CELT_SIG_SCALE 32768.f
-#define celt_fatal(str) _celt_fatal(str, __FILE__, __LINE__);
-#ifdef ENABLE_ASSERTIONS
+#define CELT_FATAL(str) celt_fatal(str, __FILE__, __LINE__);
+
+#if defined(ENABLE_ASSERTIONS) || defined(ENABLE_HARDENING)
+#ifdef __GNUC__
+__attribute__((noreturn))
+#endif
+void celt_fatal(const char *str, const char *file, int line);
+
+#if defined(CELT_C) && !defined(OVERRIDE_celt_fatal)
#include <stdio.h>
#include <stdlib.h>
#ifdef __GNUC__
__attribute__((noreturn))
#endif
-static OPUS_INLINE void _celt_fatal(const char *str, const char *file, int line)
+void celt_fatal(const char *str, const char *file, int line)
{
fprintf (stderr, "Fatal (internal) error in %s, line %d: %s\n", file, line, str);
abort();
}
-#define celt_assert(cond) {if (!(cond)) {celt_fatal("assertion failed: " #cond);}}
-#define celt_assert2(cond, message) {if (!(cond)) {celt_fatal("assertion failed: " #cond "\n" message);}}
+#endif
+
+#define celt_assert(cond) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond);}}
+#define celt_assert2(cond, message) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond "\n" message);}}
#else
#define celt_assert(cond)
#define celt_assert2(cond, message)
+#endif
+
+#if defined(ENABLE_ASSERTIONS)
+#define celt_sig_assert(cond) {if (!(cond)) {CELT_FATAL("signal assertion failed: " #cond);}}
+#else
+#define celt_sig_assert(cond)
#endif
#define IMUL32(a,b) ((a)*(b))
--- a/celt/arm/celt_neon_intr.c
+++ b/celt/arm/celt_neon_intr.c
@@ -196,7 +196,7 @@
int i;
(void)arch;
celt_assert(max_pitch > 0);
- celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
+ celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
for (i = 0; i < (max_pitch-3); i += 4) {
xcorr_kernel_neon_float((const float32_t *)_x, (const float32_t *)_y+i,
--- a/celt/bands.c
+++ b/celt/bands.c
@@ -70,10 +70,10 @@
opus_int32 tmp;
opus_int16 x2;
tmp = (4096+((opus_int32)(x)*(x)))>>13;
- celt_assert(tmp<=32767);
+ celt_sig_assert(tmp<=32767);
x2 = tmp;
x2 = (32767-x2) + FRAC_MUL16(x2, (-7651 + FRAC_MUL16(x2, (8277 + FRAC_MUL16(-626, x2)))));
- celt_assert(x2<=32766);
+ celt_sig_assert(x2<=32766);
return 1+x2;
}
@@ -282,7 +282,7 @@
N0 = m->eBands[i+1]-m->eBands[i];
/* depth in 1/8 bits */
- celt_assert(pulses[i]>=0);
+ celt_sig_assert(pulses[i]>=0);
depth = celt_udiv(1+pulses[i], (m->eBands[i+1]-m->eBands[i]))>>LM;
#ifdef FIXED_POINT
--- a/celt/cwrs.c
+++ b/celt/cwrs.c
@@ -482,7 +482,7 @@
k0=_k;
q=row[_n];
if(q>_i){
- celt_assert(p>q);
+ celt_sig_assert(p>q);
_k=_n;
do p=CELT_PVQ_U_ROW[--_k][_n];
while(p>_i);
--- a/celt/entcode.h
+++ b/celt/entcode.h
@@ -122,7 +122,7 @@
/* Tested exhaustively for all n and for 1<=d<=256 */
static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) {
- celt_assert(d>0);
+ celt_sig_assert(d>0);
#ifdef USE_SMALL_DIV_TABLE
if (d>256)
return n/d;
@@ -138,7 +138,7 @@
}
static OPUS_INLINE opus_int32 celt_sudiv(opus_int32 n, opus_int32 d) {
- celt_assert(d>0);
+ celt_sig_assert(d>0);
#ifdef USE_SMALL_DIV_TABLE
if (n<0)
return -(opus_int32)celt_udiv(-n, d);
--- a/celt/mathops.c
+++ b/celt/mathops.c
@@ -182,7 +182,7 @@
int i;
opus_val16 n;
opus_val16 r;
- celt_assert2(x>0, "celt_rcp() only defined for positive values");
+ celt_sig_assert(x>0);
i = celt_ilog2(x);
/* n is Q15 with range [0,1). */
n = VSHR32(x,i-15)-32768;
--- a/celt/mathops.h
+++ b/celt/mathops.h
@@ -179,7 +179,7 @@
/** Integer log in base2. Undefined for zero and negative numbers */
static OPUS_INLINE opus_int16 celt_ilog2(opus_int32 x)
{
- celt_assert2(x>0, "celt_ilog2() only defined for strictly positive numbers");
+ celt_sig_assert(x>0);
return EC_ILOG(x)-1;
}
#endif
--- a/celt/pitch.c
+++ b/celt/pitch.c
@@ -249,7 +249,7 @@
opus_val32 maxcorr=1;
#endif
celt_assert(max_pitch>0);
- celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
+ celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
for (i=0;i<max_pitch-3;i+=4)
{
opus_val32 sum[4]={0,0,0,0};
--- a/celt/quant_bands.c
+++ b/celt/quant_bands.c
@@ -457,7 +457,7 @@
/* It would be better to express this invariant as a
test on C at function entry, but that isn't enough
to make the static analyzer happy. */
- celt_assert(c<2);
+ celt_sig_assert(c<2);
tell = ec_tell(dec);
if(budget-tell>=15)
{
--- a/celt/tests/test_unit_entropy.c
+++ b/celt/tests/test_unit_entropy.c
@@ -34,6 +34,7 @@
#include <stdio.h>
#include <math.h>
#include <time.h>
+#define CELT_C
#include "entcode.h"
#include "entenc.h"
#include "entdec.h"
--- a/celt/tests/test_unit_laplace.c
+++ b/celt/tests/test_unit_laplace.c
@@ -31,8 +31,8 @@
#include <stdio.h>
#include <stdlib.h>
-#include "laplace.h"
#define CELT_C
+#include "laplace.h"
#include "stack_alloc.h"
#include "entenc.c"
--- a/celt/tests/test_unit_rotation.c
+++ b/celt/tests/test_unit_rotation.c
@@ -33,8 +33,6 @@
#define CUSTOM_MODES
#endif
-#define CELT_C
-
#include <stdio.h>
#include <stdlib.h>
#include "vq.h"
--- a/celt/vq.c
+++ b/celt/vq.c
@@ -230,12 +230,12 @@
pulsesLeft -= iy[j];
} while (++j<N);
}
- celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass");
+ celt_sig_assert(pulsesLeft>=0);
/* This should never happen, but just in case it does (e.g. on silence)
we fill the first bin with pulses. */
#ifdef FIXED_POINT_DEBUG
- celt_assert2(pulsesLeft<=N+3, "Not enough pulses in the quick pass");
+ celt_sig_assert(pulsesLeft<=N+3);
#endif
if (pulsesLeft > N+3)
{
--- a/celt/x86/vq_sse2.c
+++ b/celt/x86/vq_sse2.c
@@ -135,7 +135,7 @@
}
X[N] = X[N+1] = X[N+2] = -100;
y[N] = y[N+1] = y[N+2] = 100;
- celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass");
+ celt_sig_assert(pulsesLeft>=0);
/* This should never happen, but just in case it does (e.g. on silence)
we fill the first bin with pulses. */
--- a/configure.ac
+++ b/configure.ac
@@ -759,6 +759,14 @@
AC_DEFINE([ENABLE_ASSERTIONS], [1], [Assertions])
])
+AC_ARG_ENABLE([hardening],
+ [AS_HELP_STRING([--enable-hardening],[enable run-time checks that are cheap and safe for use in production])],,
+ [enable_hardening=no])
+
+AS_IF([test "$enable_hardening" = "yes"], [
+ AC_DEFINE([ENABLE_HARDENING], [1], [Hardening])
+])
+
AC_ARG_ENABLE([fuzzing],
[AS_HELP_STRING([--enable-fuzzing],[causes the encoder to make random decisions])],,
[enable_fuzzing=no])
@@ -919,6 +927,7 @@
Run-time CPU detection: ........ ${rtcd_support}
Custom modes: .................. ${enable_custom_modes}
Assertion checking: ............ ${enable_assertions}
+ Hardening: ..................... ${enable_hardening}
Fuzzing: ....................... ${enable_fuzzing}
Check ASM: ..................... ${enable_check_asm}
Ambisonics support: ............ ${enable_ambisonics}
--- a/tests/test_opus_projection.c
+++ b/tests/test_opus_projection.c
@@ -39,8 +39,8 @@
#include "test_opus_common.h"
#include "opus_projection.h"
#include "mathops.h"
-#include "../src/mapping_matrix.c"
-#include "mathops.c"
+#include "../src/mapping_matrix.h"
+#include "mathops.h"
#ifdef ENABLE_EXPERIMENTAL_AMBISONICS
@@ -103,9 +103,9 @@
MappingMatrix *simple_matrix;
/* Allocate input/output buffers. */
- input_val16 = (opus_val16 *)opus_alloc(align(sizeof(opus_val16) * SIMPLE_MATRIX_INPUT_SIZE));
- output_int16 = (opus_int16 *)opus_alloc(align(sizeof(opus_int16) * SIMPLE_MATRIX_OUTPUT_SIZE));
- output_val16 = (opus_val16 *)opus_alloc(align(sizeof(opus_val16) * SIMPLE_MATRIX_OUTPUT_SIZE));
+ input_val16 = (opus_val16 *)opus_alloc(sizeof(opus_val16) * SIMPLE_MATRIX_INPUT_SIZE);
+ output_int16 = (opus_int16 *)opus_alloc(sizeof(opus_int16) * SIMPLE_MATRIX_OUTPUT_SIZE);
+ output_val16 = (opus_val16 *)opus_alloc(sizeof(opus_val16) * SIMPLE_MATRIX_OUTPUT_SIZE);
/* Initialize matrix */
simple_matrix_size = mapping_matrix_get_size(simple_matrix_params.rows,