Problem:
- Many constructors are defined as `{}` rather than using the ` =
default` compiler-provided constructor.
- Some types provide an implicit conversion operator from `nullptr_t`
instead of requiring the caller to default construct. This violates
the C++ Core Guidelines suggestion to declare single-argument
constructors explicit
(https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c46-by-default-declare-single-argument-constructors-explicit).
Solution:
- Change default constructors to use the compiler-provided default
constructor.
- Remove implicit conversion operators from `nullptr_t` and change
usage to enforce type consistency without conversion.
Problem:
- The implementation of `find` is coupled to the implementation of `Vector`.
- `Vector::find` takes the predicate by value which might be expensive.
Solution:
- Decouple the implementation of `find` from `Vector` by using a
generic `find` algorithm.
- Change the name of `find` with a predicate to `find_if` so that a
binding reference can be used and the predicate can be forwarded to
avoid copies.
- Change all the `find(pred)` call sites to use `find_if`.
This patch merges the profiling functionality in the kernel with the
performance events mechanism. A profiler sample is now just another
perf event, rather than a dedicated thing.
Since perf events were already per-process, this now makes profiling
per-process as well.
Processes with perf events would already write out a perfcore.PID file
to the current directory on death, but since we may want to profile
a process and then let it continue running, recorded perf events can
now be accessed at any time via /proc/PID/perf_events.
This patch also adds information about process memory regions to the
perfcore JSON format. This removes the need to supply a core dump to
the Profiler app for symbolication, and so the "profiler coredump"
mechanism is removed entirely.
There's still a hard limit of 4MB worth of perf events per process,
so this is by no means a perfect final design, but it's a nice step
forward for both simplicity and stability.
Fixes#4848Fixes#4849
Let's adapt this class a bit better to how it's actually being used.
Instead of having valid/invalid states and storing an error in case
it's invalid, a MappedFile is now always valid, and the factory
function that creates it will return an OSError if mapping fails.
SystemServer now creates the /tmp/coredump and /tmp/profiler_coredumps
directories at startup, ensuring that they are owned by root, and with
basic 0755 permissions.
The kernel will also now refuse to put core dumps in a directory that
doesn't fulfill the following criteria:
- Owned by 0:0
- Directory with sticky bit not set
- 0755 permissions
Fixes#4435Fixes#4850
This doesn't solve half of the problems with /tmp/rpc, but this way we
can at least make it sticky instead of having it fully world-writable
and owned by whoever was the first to bind an RPC socket.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:
The modifications in this commit were automatically made using the
following command:
find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
Previously the client would only learn the mime type of what was being
dropped on it once the drop occurred. To enable more sophisticated
filtering of drag & drop, we now pass along the list of mime types being
dragged to the client with each MouseMove event.
(Note that MouseMove is translated to the various Drag* events in LibGUI
on the client side.)
Clients of LaunchServer can now provide a list of allowed handlers,
optionally with a specific set of URLs. The list can be sealed to
prevent future additions to it.
If LaunchServer receives a request to open something not on the allowed
handlers list, it will disconnect the client immediately.
The main idea here is to allow otherwise restricted programs to launch
specific things, e.g "Help" to open their manual, or "Browser" to load
the SerenityOS home page. :^)
...as well as the few remaining references to set_foreground_color().
These properties are not being used for rendering anymore, presumably
because they completely mess up theming - assigning random white and
gray backgrounds just doesn't work with dark themes.
I've chosen to not replace most of the few remaining uses of this
broken functionality with custom palette colors (the closest
replacement is background_role) for now (except for Minesweeper where
squares with mines are painted red again now), as no one has actually
complained about them being broken, so it must look somewhat decent
(some just look right anyway). :^)
Examples of this are the taskbar buttons, which apparently had a
DarkGray foreground color for minimized windows once - this has since
been replaced with bold/regular font. Another one is the Profiler's
ProfileTimelineWidget, which is supposed to have a white background -
which it didn't have for quite some time, it's grey now (with the
default theme, that is). Doesn't look bad either.
Previously notifications were (partially) drawn outside the screen rect if
they were created before changing the screen resolution to smaller
dimensions. This prevented the user from dismissing the notification as the
close button was no longer clickable.
This makes window modality a bit more discoverable by indicating to the
user that the modal window must be closed before mouse interaction is
possible in the clicked window.
Just constructing one of these guys on the stack willy nilly will leak
the first reference to them. There might be other C_OBJECTs that have
public constructors, seems like a good place for some static analysis
checks :).
Force users to call the construct() method for it.
Compared to version 10 this fixes a bunch of formatting issues, mostly
around structs/classes with attributes like [[gnu::packed]], and
incorrect insertion of spaces in parameter types ("T &"/"T &&").
I also removed a bunch of // clang-format off/on and FIXME comments that
are no longer relevant - on the other hand it tried to destroy a couple of
neatly formatted comments, so I had to add some as well.
When a new modal window is created, we still want to forward the
WindowDeactivated event to its parent window, despite it being blocked
by the newly created modal (which causes WindowServer's Window::event()
to ignore all incoming events from WindowManager for that window).
This fixes the "terminal doesn't stop blinking when blocked by modal
window" bug.
This patchset makes ProtocolServer stream the downloads to its client
(LibProtocol), and as such changes the download API; a possible
download lifecycle could be as such:
notation = client->server:'>', server->client:'<', pipe activity:'*'
```
> StartDownload(GET, url, headers, {})
< Response(0, fd 8)
* {data, 1024b}
< HeadersBecameAvailable(0, response_headers, 200)
< DownloadProgress(0, 4K, 1024)
* {data, 1024b}
* {data, 1024b}
< DownloadProgress(0, 4K, 2048)
* {data, 1024b}
< DownloadProgress(0, 4K, 1024)
< DownloadFinished(0, true, 4K)
```
Since managing the received file descriptor is a pain, LibProtocol
implements `Download::stream_into(OutputStream)`, which can be used to
stream the download into any given output stream (be it a file, or
memory, or writing stuff with a delay, etc.).
Also, as some of the users of this API require all the downloaded data
upfront, LibProtocol also implements `set_should_buffer_all_input()`,
which causes the download instance to buffer all the data until the
download is complete, and to call the `on_buffered_download_finish`
hook.
This patch removes size policies and preferred sizes, and replaces them
with min-size and max-size for each widget.
Box layout now works in 3 passes:
1) Set all items (widgets/spacers) to their min-size
2) Distribute remaining space evenly, respecting max-size
3) Place widgets one after the other, adding spacing in between
I've also added convenience helpers for setting a fixed size (which is
the same as setting min-size and max-size to the same value.)
This significantly reduces the verbosity of widget layout and makes GML
a bit more pleasant to write, too. :^)
This makes them shrink when the taskbar fills with too many buttons.
It doesn't scale to infinity open windows, but it's better than them
escaping off screen after 6 open windows. :^)
The compose() function is supposed to be fast since it can execute
60 times per second. Let's not do obviously avoidable things like
configuration value lookups in there. :^)
This was mentioned in #4574, and the more I think about it the more it
feels just right - let's move it there! :^)
Having to link LaunchServer against LibGUI explicitly should've been
telling enough...
The DevFS along with DevPtsFS give a complete solution for populating
device nodes in /dev. The main purpose of DevFS is to eliminate the
need of device nodes generation when building the system.
Later on, DevFS will assist with exposing disk partition nodes.
clang trunk with -std=c++20 doesn't seem to properly look for an
aggregate initializer here when the type being constructed is a simple
aggregate (e.g. `struct Thing { int a; int b; };`). This template fails
to compile in a usage added 12/16/2020 in `AK/Trie.h`.
Both forms of initialization are supposed to call the
aggregate-initializers but direct-list-initialization delegating to
aggregate initializers is a new addition in c++20 that might not be
implemented yet.
Move the shadow 1 more pixel away from the unhovered icon location,
making a total 2 pixel distance between the icon and the shadow.
Also tweak the shadow color to be a darkened variant of the base color
underneath the icon.
Browser supports very few protocols (http, https, gemini, file) at the
moment, so there's no point in using it as a catch-all and default
protocol handler. I added an explicit association for gemini to
/bin/Browser instead.
This stops Desktop::Launcher::open() from reporting success for any URL,
which really isn't the case (Browser shows an error page...).
POSIX allows the default streams (stdin, stdout and stderr) to be
macros, which means that on such systems (musl libc is one) building
Lagom will fail due to the File::std*() names.
Also fix any files that use these identifiers.
Problem:
- `(void)` simply casts the expression to void. This is understood to
indicate that it is ignored, but this is really a compiler trick to
get the compiler to not generate a warning.
Solution:
- Use the `[[maybe_unused]]` attribute to indicate the value is unused.
Note:
- Functions taking a `(void)` argument list have also been changed to
`()` because this is not needed and shows up in the same grep
command.
This adds the ability to specify cursor attributes as part of their
file names, which allows us to remove hard coded values like the hot
spot from the code. The attributes can be specified between the last
two dots of the file name. Each attribute begins with a character,
followed by one or more digits that specify a uint value.
Supported attributes:
x: The x-coordinate of the cursor hotspot
y: The y-coordinate of the cursor hotspot
f: The number of animated frames horizontally in the image
t: The number of milliseconds per frame
For example, the filename wait.f14t100.png specifies that the image
contains 14 frames that should be cycled through at a rate of 100ms.
The hotspot is not specified, so it defaults to the center.
Almost everyone using this API actually wanted String instead of a
ByteBuffer anyway, and there were a bunch of slightly different ways
clients would convert to String.
Let's just cut out all the confusion and make it return String. :^)
This isn't entirely symmetrical with on_load_start as it will also fire
on reloads and back/forward navigations. However, it's good enough for
some basic use cases, and we can do more sophisticated notifications
later on when we need them.
This used to crash 'pape -c' on a fresh image. Note that the special value
is '', the empty string, and *not* NULL, i.e. an unset string. An empty
string implies that the wallpaper is not an image, but rather a solid color.
The desktop can now be split up into halves (both vertical and
horizontal) and quarters by dragging a window into the corresponding
edge or corner.
This makes tiling behave more like you would expect from similiar
window managers.
Previously, the Mixer class would only check for an added BufferQueue
if the list of active queues was empty. If more than one client
connected to AudioServer, its queue would never be added to the list of
active queues.
This fix adds a flag that, when set, will cause the sound thread to wait
for a new BufferQueue.
Layout was using an outdated viewport rect that we set *after* doing
a layout due to resize. That meant that layout-in-response-to-resize
was always lagging behind the current size of the view.
The root of this problem was how Frame kept both a viewport rect
(with both scroll offset and size) and a frame size. To fix this,
only store the viewport scroll offset, and always use the frame size.
This way they can't get out of sync and the problem goes away. :^)
Fixes#4250.
We need to call waitpid until no more waitable children are available.
This is necessary because SIGCHLD signals may coalesce into one when
multiple children terminate almost simultaneously.
Also, switch to EventLoop's asynchronous signal handling mechanism,
which allows more complex operations in the signal handler.
We need to call waitpid until no more waitable children are available.
This is necessary because SIGCHLD signals may coalesce into one when
multiple children terminate almost simultaneously.
This fixes random zombie processes sticking around after e.g. closing
Browser.
Also, switch to EventLoop's asynchronous signal handling mechanism,
which allows more complex operations in the signal handler.
Bring the names of various boxes closer to spec language. This should
hopefully make things easier to understand and hack on. :^)
Some notable changes:
- LayoutNode -> Layout::Node
- LayoutBox -> Layout::Box
- LayoutBlock -> Layout::BlockBox
- LayoutReplaced -> Layout::ReplacedBox
- LayoutDocument -> Layout::InitialContainingBlockBox
- LayoutText -> Layout::TextNode
- LayoutInline -> Layout::InlineNode
Note that this is not strictly a "box tree" as we also hang inline/text
nodes in the same tree, and they don't generate boxes. (Instead, they
contribute line box fragments to their containing block!)
This makes most operations thread safe, especially so that they
can safely be used in the Kernel. This includes obtaining a strong
reference from a weak reference, which now requires an explicit
call to WeakPtr::strong_ref(). Another major change is that
Weakable::make_weak_ref() may require the explicit target type.
Previously we used reinterpret_cast in WeakPtr, assuming that it
can be properly converted. But WeakPtr does not necessarily have
the knowledge to be able to do this. Instead, we now ask the class
itself to deliver a WeakPtr to the type that we want.
Also, WeakLink is no longer specific to a target type. The reason
for this is that we want to be able to safely convert e.g. WeakPtr<T>
to WeakPtr<U>, and before this we just reinterpret_cast the internal
WeakLink<T> to WeakLink<U>, which is a bold assumption that it would
actually produce the correct code. Instead, WeakLink now operates
on just a raw pointer and we only make those constructors/operators
available if we can verify that it can be safely cast.
In order to guarantee thread safety, we now use the least significant
bit in the pointer for locking purposes. This also means that only
properly aligned pointers can be used.
...instead of maybe bitmap + a single mime type and its corresponding data.
This allows drag&drop operations to hold multiple different kinds of
data, and the views/applications to choose between those.
For instance, Spreadsheet can keep the structure of the dragged cells,
and still provide text-only data to be passed to different unrelated editors.
Now we (almost) verify all the sites we browse.
Certificate verification failures should not be unexpected, as the
existing CA certificates are likely not complete.
This API is only used for HttpRequest, but replicated in GeminiRequest
without an actual user, so remove it and construct the job like the rest
of the protocols.
The configuration key [DNS] Nameserver has been renamed to Nameservers
and accepts a comma-separated list of nameserver addresses, which will
be queried in the given order until a response has been received.
The new default value is still Cloudflare's 1.1.1.1 as well as their
secondary DNS server 1.0.0.1.
did_timeout is a bool& parameter of lookup() that used to be set when
the UDP connection timed out, but this behaviour was broken in e335d73.
I replaced it with a more useful 'did_get_response' parameter that is
being set after the UDP socket connected, sent its request and got a
response - it might still be bogus data but we know the communication
was successful.
