There seems to be more incorrect assumptions about Clang-built
executables' memory layout than expected. These make the CI fail even
though the system is functional in all other aspects. While this is
being fixed, let's just disable tests for UserspaceEmulator.
Without this patch, we would end up printing garbage values when we
encountered floating point infinity or NaN values, and also triggered
UBSAN with Clang. This added code models `std::format`'s behavior: the
sign is added the same way as with normal values and the strings 'nan'
and 'inf' are printed.
If we call these two functions on a negative value, undefined behavior
occurs due to casting a negative double to an unsigned integer. These
functions are defined to perform modular arithmetic, so negative values
can be fixed up by adding 2^8/2^16.
The reason why this step is not mentioned in ECMA-262 is that it defines
modular arithmetic so that `x mod m` had the same sign as `m`, while
LibM's `fmod(x, m)` copies `x`'s sign.
This issue was found by UBSAN with the Clang toolchain.
Casting a floating point number to an integer and comparing that against
the original value is not a good way to test if it is a whole number. It
may cause unnecessary narrowing conversion issues and UB. This was the
case, which was caught be Clang's `-fsanitize=float-cast-overflow`.
This commit changes the code to use `is_integral_number`, as suggested
in ECMA-262.
If the argument to this function is greater then or equal to 2^32, the
`double` => `u32` cast produces undefined behavior, which Clang catches.
To fix this, we now use `ToUint32` for getting the integer argument, as
specified by ECMA-262.
On x86, the `fprem` and `fmprem1` instructions may produce a 'partial
remainder', for which we should check by reading a FPU flag. If we don't
check for it, we may end up using values that are outside the expected
range of values.
When compiling this code with Clang, both branches of the ternary
operator get evaluated at compile-time, triggering a warning about a
narrowing implicit conversion. We can use `explode_byte` instead.
Taking a reference or a pointer to a value that's not aligned properly
is undefined behavior. While `[[gnu::packed]]` ensures that reads from
and writes to fields of packed structs is a safe operation, the
information about the reduced alignment is lost when creating pointers
to these values.
Weirdly enough, GCC's undefined behavior sanitizer doesn't flag these,
even though the doc of `-Waddress-of-packed-member` says that it usually
leads to UB. In contrast, x86_64 Clang does flag these, which renders
the 64-bit kernel unable to boot.
For now, the `address-of-packed-member` warning will only be enabled in
the kernel, as it is absolutely crucial there because of KUBSAN, but
might get excessively noisy for the userland in the future.
Also note that we can't append to `CMAKE_CXX_FLAGS` like we do for other
flags in the kernel, because flags added via `add_compile_options` come
after these, so the `-Wno-address-of-packed-member` in the root would
cancel it out.
This contains all the bits and pieces necessary to build a Clang binary
that will correctly compile SerenityOS.
I had some trouble with getting LLVM building with a single command, so
for now, I decided to build each LLVM component in a separate command
invocation. In the future, we can also make the main llvm build step
architecture-independent, but that would come with extra work to make
library and include paths work.
The binutils build invocation and related boilerplate is duplicated
because we only use `objdump` from GNU binutils in the Clang toolchain,
so most features can be disabled.
Kernels built with Clang seem to be quite allocation-heavy compared to
their GCC counterparts. We would sometimes end up crashing during boot
because the eternal ranges had no free capacity.
... segment
This happens with binaries build with Clang or with a custom linker
script. If this is the case, offsets should be calculated not from the
base address of `.text`, but from the first section loaded for the
library.
This commit moves all UserspaceEmulator symbolication into a common
helper function and fixes a FIXME.
This helps us avoid weird truncation issues and fixes a bug on Clang
builds where truncation while reading caused the DIE offsets following
large LEB128 numbers to be incorrect. This removes the need for the
separate `LongUnsignedNumber` type.
On i686, reading integers larger than `2^32 - 1` would fail as the
32-bit `size_t` parameter would overflow. This caused us to read too few
bytes in LibDebug's DWARF parser. Making this method templated solves
this issue, as we now can call this API with a `u64` parameter.
This LineProgram instruction is emitted by Clang. Although we currently
have no use for it (it's mostly a debugger feature), we need to handle
this opcode, as otherwise CrashReporter wouldn't work.
Due to a bug in Clang 12, the compilation would fail with an 'unexpected
end-of-file' error when it encounters some of the nested generic lambdas
in `Compositor.cpp`.
Co-authored-by: Peter Bindels <dascandy@gmail.com>
The Clang error message reads like this (`-Wdeprecated-array-compare`):
> error: comparison between two arrays is deprecated; to compare
> array addresses, use unary '+' to decay operands to pointers.
Since C99 and C++20 have a standardized syntax for designated
initializer, we should use that instead of this GCC-specific extension.
While this currently works both in Clang and GCC, the former emits a
warning for it, while the latter has an [issue] open that plans to
deprecate it.
[issue]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88144
Clang is a bit more pedantic than GCC when diagnosing implicit
fallthroughs, and doesn't care if the succeeding label only contains a
single break statement.
When exiting the terminal settings window, the opacity, bell and
maximum history size will be saved to the application config file.
Because the color scheme is neither configurable nor
will it be loaded on startup, it will not get saved for now.
This seemed like a good idea at the time to avoid an unnecessary
dependency on qemu-system-i386. However this makes debugging the
kernel with GDB more difficult because GDB assumes that the QEMU
architectures matches the kernel architecture.
The text was painted with the assumption that no other column would be
present after the tree column, which won't always be true. Additionally,
some alignment and focus rect-related issues have been fixed.
The maximum number of virtual consoles is determined at compile time,
so we can pre-allocate that many slots, dodging some heap allocations.
Furthermore, virtual consoles are never destroyed, so it's fine to
simply store a raw pointer to the currently active one.
Previously in Browser, when we navigate back from a page that has an
icon to a page that does not have an icon, the icon does not update and
the old icon is displayed because FrameLoader does not set the default
favicon when the favicon cannot be loaded. This patch ensures that
Browser receives a new icon bitmap every time a load takes place.
This pattern is no good:
kmalloc(elements * sizeof(T));
Since it silently swallows any multiplication overflow.
This patch adds a simple kmalloc_array() that stops the program if
overflow occurs:
kmalloc_array(elements, sizeof(T));