Avoid processing LPC coeffs beyond the given order in NEON optimizations
am: 7daa5b5802
Change-Id: I634598d9b0d5d49cba03397dfa340502066593ca
diff --git a/Android.bp b/Android.bp
index 4d1fbc9..34cbdbd 100644
--- a/Android.bp
+++ b/Android.bp
@@ -2,9 +2,6 @@
name: "libopus",
vendor_available: true,
host_supported: true,
- vndk: {
- enabled: true,
- },
export_include_dirs: ["include"],
@@ -15,6 +12,12 @@
"silk/fixed",
],
+ sanitize: {
+ integer_overflow: true,
+ misc_undefined: ["bounds"],
+ blacklist: "libopus_blacklist.txt",
+ },
+
srcs: [
// CELT_SOURCES
"celt/bands.c",
diff --git a/libopus_blacklist.txt b/libopus_blacklist.txt
new file mode 100644
index 0000000..a789961
--- /dev/null
+++ b/libopus_blacklist.txt
@@ -0,0 +1,29 @@
+[integer]
+# celt/celt_decoder.c:1055:61: 0 - 1 cannot be represented in type 'unsigned int'
+fun:celt_decode_with_ec
+# celt/celt_encoder.c:2171:75: 0 - 1 cannot be represented in type 'unsigned int'
+fun:celt_encode_with_ec
+fun:celt_lcg_rand
+# celt/entcode.h:131: negation of 100 cannot be represented in type 'opus_uint32'
+fun:celt_udiv
+# celt/mdct.c:273
+# celt/mdct.c:274
+# celt/mdct.c:304
+# celt/mdct.c:305
+# celt/mdct.c:315
+# celt/mdct.c:316
+# celt/mdct.c:336
+# celt/mdct.c:337
+fun:clt_mdct_backward_c
+fun:ec_dec_init
+# celt/entdec.c:143
+fun:ec_decode
+# celt/entdec.c:150
+fun:ec_decode_bin
+
+src:*/celt/kiss_fft.c
+
+# Performance related
+fun:exp_rotation1
+fun:haar1
+fun:celt_preemphasis
diff --git a/silk/SigProc_FIX.h b/silk/SigProc_FIX.h
index f9ae326..a906890 100644
--- a/silk/SigProc_FIX.h
+++ b/silk/SigProc_FIX.h
@@ -448,13 +448,29 @@
/* Adds two signed 32-bit values in a way that can overflow, while not relying on undefined behaviour
(just standard two's complement implementation-specific behaviour) */
-#define silk_ADD32_ovflw(a, b) ((opus_int32)((opus_uint32)(a) + (opus_uint32)(b)))
+static OPUS_INLINE opus_int32 silk_ADD32_ovflw(opus_int32 a, opus_int32 b) {
+ opus_int32 _c;
+ __builtin_add_overflow(a, b, &_c);
+ return _c;
+}
+
/* Subtractss two signed 32-bit values in a way that can overflow, while not relying on undefined behaviour
(just standard two's complement implementation-specific behaviour) */
-#define silk_SUB32_ovflw(a, b) ((opus_int32)((opus_uint32)(a) - (opus_uint32)(b)))
+static OPUS_INLINE opus_int32 silk_SUB32_ovflw(opus_int32 a, opus_int32 b) {
+ opus_int32 _c;
+ __builtin_sub_overflow(a, b, &_c);
+ return _c;
+}
/* Multiply-accumulate macros that allow overflow in the addition (ie, no asserts in debug mode) */
-#define silk_MLA_ovflw(a32, b32, c32) silk_ADD32_ovflw((a32), (opus_uint32)(b32) * (opus_uint32)(c32))
+/* .. also ignoring multiply overflows; caller has comment about this happening occasionally */
+static OPUS_INLINE opus_int32 silk_MLA_ovflw(opus_int32 a, opus_int32 b, opus_int32 c) {
+ opus_int32 _d, _e;
+ __builtin_mul_overflow(b, c, &_d);
+ __builtin_add_overflow(a, _d, &_e);
+ return _e;
+}
+
#define silk_SMLABB_ovflw(a32, b32, c32) (silk_ADD32_ovflw((a32) , ((opus_int32)((opus_int16)(b32))) * (opus_int32)((opus_int16)(c32))))
#define silk_DIV32_16(a32, b16) ((opus_int32)((a32) / (b16)))
@@ -496,7 +512,12 @@
/* Add with saturation for positive input values */
#define silk_ADD_POS_SAT8(a, b) ((((a)+(b)) & 0x80) ? silk_int8_MAX : ((a)+(b)))
#define silk_ADD_POS_SAT16(a, b) ((((a)+(b)) & 0x8000) ? silk_int16_MAX : ((a)+(b)))
-#define silk_ADD_POS_SAT32(a, b) ((((opus_uint32)(a)+(opus_uint32)(b)) & 0x80000000) ? silk_int32_MAX : ((a)+(b)))
+static OPUS_INLINE opus_int32 silk_ADD_POS_SAT32(opus_int32 a, opus_int32 b) {
+ opus_int32 _c;
+ if (__builtin_add_overflow(a, b, &_c))
+ return silk_int32_MAX;
+ return _c;
+}
#define silk_LSHIFT8(a, shift) ((opus_int8)((opus_uint8)(a)<<(shift))) /* shift >= 0, shift < 8 */
#define silk_LSHIFT16(a, shift) ((opus_int16)((opus_uint16)(a)<<(shift))) /* shift >= 0, shift < 16 */
diff --git a/silk/macros.h b/silk/macros.h
index 3c67b6e..00ccca3 100644
--- a/silk/macros.h
+++ b/silk/macros.h
@@ -33,6 +33,7 @@
#endif
#include "opus_types.h"
+#include "typedef.h"
#include "opus_defines.h"
#include "arch.h"
@@ -96,13 +97,31 @@
#endif
/* add/subtract with output saturated */
-#define silk_ADD_SAT32(a, b) ((((opus_uint32)(a) + (opus_uint32)(b)) & 0x80000000) == 0 ? \
- ((((a) & (b)) & 0x80000000) != 0 ? silk_int32_MIN : (a)+(b)) : \
- ((((a) | (b)) & 0x80000000) == 0 ? silk_int32_MAX : (a)+(b)) )
+/* use clang builtin overflow detectors */
+static OPUS_INLINE opus_int32 silk_ADD_SAT32(opus_int32 a, opus_int32 b) {
+ opus_int32 c;
+ if (__builtin_add_overflow(a, b, &c)) {
+ // overflowed
+ if (a < 0) // neg+X can only overflow towards -inf
+ c = silk_int32_MIN;
+ else
+ c = silk_int32_MAX;
+ }
+ return c;
+}
-#define silk_SUB_SAT32(a, b) ((((opus_uint32)(a)-(opus_uint32)(b)) & 0x80000000) == 0 ? \
- (( (a) & ((b)^0x80000000) & 0x80000000) ? silk_int32_MIN : (a)-(b)) : \
- ((((a)^0x80000000) & (b) & 0x80000000) ? silk_int32_MAX : (a)-(b)) )
+/* use clang builtin overflow detectors */
+static OPUS_INLINE opus_int32 silk_SUB_SAT32(opus_int32 a, opus_int32 b) {
+ opus_int32 c;
+ if (__builtin_sub_overflow(a, b, &c)) {
+ // overflowed,
+ if (a < 0) // neg-X only overflows towards -inf
+ c = silk_int32_MIN;
+ else
+ c = silk_int32_MAX;
+ }
+ return c;
+}
#if defined(MIPSr1_ASM)
#include "mips/macros_mipsr1.h"
