| Age | Commit message (Collapse) | Author |
|---|
|
.. and make travis run it.
I renamed check-license-headers.sh to check-style.sh and expanded it so
that it now also checks for the presence of "#pragma once" in .h files.
It also checks the presence of a (single) blank line above and below the
"#pragma once" line.
I also added "#pragma once" to all the files that need it: even the ones
we are not check.
I also added/removed blank lines in order to make the script not fail.
I also ran clang-format on the files I modified.
|
|
This makes it possible to change flags of a mount after the fact, with the
caveats outlined in the man page.
|
|
This adds support for MS_RDONLY, a mount flag that tells the kernel to disallow
any attempts to write to the newly mounted filesystem. As this flag is
per-mount, and different mounts of the same filesystems (such as in case of bind
mounts) can have different mutability settings, you have to go though a custody
to find out if the filesystem is mounted read-only, instead of just asking the
filesystem itself whether it's inherently read-only.
This also adds a lot of checks we were previously missing; and moves some of
them to happen after more specific checks (such as regular permission checks).
One outstanding hole in this system is sys$mprotect(PROT_WRITE), as there's no
way we can know if the original file description this region has been mounted
from had been opened through a readonly mount point. Currently, we always allow
such sys$mprotect() calls to succeed, which effectively allows anyone to
circumvent the effect of MS_RDONLY. We should solve this one way or another.
|
|
That's where the other similar definitions reside. Also, use bit shift
operations for MS_* values.
|
|
|
|
This commit also changes the mode parsing to allow specifying the modes
in any order.
|
|
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
|
|
It's not enough to send ourselves a SIGABRT, as it may be ignored or handled
differently. We really, really want abort() to never return, as that will mess
up the assumptions of the calling code big time. So, if raise(SIGABRT) returns,
kill ourselves with SIGKILL, and if that somehow returns too, call _exit().
An alternative approach, which glibc apparently follows, is to reset SIGABRT
disposition to its default value and then send SIGABRT to yourself a second
time. That would also work, but I believe SIGKILL + _exit() to be a simpler
approach that is less likely to break in extremely weird situations.
Note that this only guarantees that abort() never returns, not that the process
actually gets killed. It's still possible to install a SIGABRT handler that
simply never returns (such as by longjmp'ing out, endlessly looping, or exec'ing
another image). That is a legitimate use case we want to support; at the same
time most software doesn't use that functionality and would benefit from hard
guarantees that abort() terminates the program. The following commit is going to
introduce means for ensuring SIGABRT handler is never reset to something
unexpected.
|
|
We already do this for exit().
|
|
We (rightfully) mark abort() noreturn, so the loop just gets compiled out.
|
|
This should fix the toolchain build, where GCC doesn't use our stddef.h
Also, Dr. POSIX says ssize_t goes in <sys/types.h> anyway. :^)
|
|
Now that ssize_t is derived from size_t, we have to
|
|
|
|
While the compiler provides __SIZE_TYPE__ for declaring size_t,
there's unfortunately no __SSIZE_TYPE__ for ssize_t.
However, we can trick the preprocessor into doing what we want anyway
by doing "#define unsigned signed" before using __SIZE_TYPE__ again.
|
|
This file is required for building the git port.
It was already added before and then removed again when the CI script
for license header checks was added as it seemed irrelevant.
|
|
When we flush a FILE, we behave differently depending on whether we reading from
the file or writing to it:
* If we're writing, we actually write out the buffered data.
* If we're reading, we just drop the buffered (read ahead) data.
After flushing, there should be no additional buffered state stdio keeps about a
FILE, compared to what is true about the underlying file. This includes file
position (offset). When flushing writes, this is taken care of automatically,
but dropping the buffer is not enough to achieve that when reading. This commit
fixes that by seeking back explicitly in that case.
One way the problem manifested itself was upon fseek(SEEK_CUR) calls, as the
position of the underlying file was oftentimes different to the logical position
of the FILE. Since FILE::seek() already calls FILE::flush() prior to actually
modifying the position, fixing FILE::flush() to sync the positions is enough to
fix that issue.
|
|
This reverts commit 2c823473930121aecbacf0422c8372a0912e581b.
|
|
This reverts commit cdbbe14062ea49f9a9d9b0e5627aba9efd07659a.
|
|
This reverts commit c1eb744ff0a82cf6c8e3470ac10e2f417c7d9de2.
|
|
I've written a large part of the new stdio, so I'm (partly) to blame for it now.
|
|
I accidentally broke this in the recent rewrite. This reinstantiates the
behavior implemented in https://github.com/SerenityOS/serenity/commit/65714685259d1ea4ba9d32bc41aee6fc8c56a645.
|
|
Make sure that userspace is always referencing "system" headers in a way
that would build on target :). This means removing the explicit
include_directories of Libraries/LibC in favor of having it export its
headers as SYSTEM. Also remove a redundant include_directories of
Libraries in the 'serenity build' part of the build script. It's already
set at the top.
This causes issues for the Kernel, and for crt0.o. These special cases
are handled individually.
|
|
This is __cxa_guard_acquire, __cxa_guard_release, and __cxa_guard_abort.
We put these symbols in a 'fake' libstdc++ to trick gcc into thinking it
has libstdc++. These symbols are necessary for C++ programs and not C
programs, so, seems file. There's no way to tell gcc that, for example,
the standard lib it should use is libc++ or libc. So, this is what we
have for now.
When threaded code enters a block that is trying to call the constructor
for a block-scope static, the compiler will emit calls to these methods
to handle the "call_once" nature of block-scope statics.
The compiler creates a 64-bit guard variable, which it checks the first
byte of to determine if the variable should be intialized or not.
If the compiler-generated code reads that byte as a 0, it will call
__cxa_guard_acquire to try and be the thread to call the constructor for
the static variable. If the first byte is 1, it will assume that the
variable's constructor was called, and go on to access it.
__cxa_guard_acquire uses one of the 7 implementation defined bytes of
the guard variable as an atomic 8 bit variable. To control a state
machine that lets each entering thread know if they gained
'initialization rights', someone is working on the varaible, someone is
working on the varaible and there's at least one thread waiting for it
to be intialized, or if the variable was initialized and it's time to
access it. We only store a 1 to the byte the compiler looks at in
__cxa_guard_release, and use a futex to handle waiting.
|
|
This allows operator new and operator delete to be available to anyone
that links -lc (everyone) rather than just people that include
kmalloc.h (almost no one).
|
|
The new version uses buffering much more prominently, and hopefully performs
better. It also uses something resembling C++ rather than plain C.
|
|
We would want it to work with only stdio pledged.
|
|
|
|
|
|
This was supposed to be the foundation for some kind of pre-kernel
environment, but nobody is working on it right now, so let's move
everything back into the kernel and remove all the confusion.
|
|
|
|
I'm not sure why this was a syscall. If we need this we can add it in
LibC as a wrapper around sysconf(_SC_OPEN_MAX).
|
|
We stopped using gettimeofday() in Core::EventLoop a while back,
in favor of clock_gettime() for monotonic time.
Maintaining an optimization for a syscall we're not using doesn't make
a lot of sense, so let's go back to the old-style sys$gettimeofday().
|
|
Of course, using dbg() in the middle will change errno (most likely, reset
it to zero).
|
|
Closes https://github.com/SerenityOS/serenity/issues/2080
|
|
This patch makes strto{u,}l{l,}() behave more to-spec about endptr.
"If endptr is not NULL, strtoull stores the address of the first invalid
character in *endptr."
|
|
This fixes the behavior for several inputs:
- '-0' (shouldn't work but was accepted)
- '+3' (shouldn't work but was accepted)
- '13835058055282163712' (should work but returned 9223372036854775807 with errno=ERANGE)
|
|
|
|
This strtod implementation is not perfectly accurate, as evidenced by the test
(accuracy_strtod.cpp), but it is sufficiently close (up to 8 eps).
The main sources of inaccuracy are:
- Highly repeated division/multiplication by 'base'
(Each operation brings a multiplicative error of 1+2^-53.)
- Loss during the initial conversion from long long to double (most prominently,
69294956446009195 should first be rounded to 69294956446009200 and then
converted to 69294956446009200.0 and then divided by ten, yielding
6929495644600920.0. Currently, it converts first to double, can't represent
69294956446009195.0, and instead represents 69294956446009190, which
eventually yields 6929495644600919.0. Close, but technically wrong.)
I believe that these issues can be fixed by rewriting the part at and after
double value = digits.number();
and that the loss before that is acceptable.
Specifically, losing the exact exponent on overflow is obviously fine.
The only other loss occurs when the significant digits overflow a 'long long'.
But these store 64(-7ish) bits, and the mantissa of a double only stores 52 bits.
With a bit more thinking, one could probably get the error down to 1 or 2 eps.
(But not better.)
Fixes #1979.
|
|
It's based on <netinet/in.h> and more definitions might be required
here (e.g, IP header).
|
|
This file uses 'struct timeval' without including relevant header.
|
|
|
|
Will be updated as we add more protocols (e.g AF_INET6)
|
|
I had this assert trigger, I believe in a legitimate case.
This is the behavior glic and musl follow.
|
|
In f4302b58fb0, the kernel-side syscalls (e.g Process::sys$getsockname)
were updated to use SC_get{sock,peer}name_params, but the libc
functions were not updated.
|
|
|
|
|
|
The gcc port was hitting that assertion for some reason.
This patch fixes it.
|
|
|
|
It's tedious to write (and look at) [[gnu::always_inline]] etc. :^)
|
|
Also, rewrite the macro to expand to an if statement instead of
a weird ternary operator with a (void)0 banch.
|
