This commit adds the PlainYearMonth object itself, its constructor and
prototype (currently empty), and the CreateTemporalYearMonth and
ISOYearMonthWithinLimits abstract operations.
Deleting a symlink via "FileOperation Delete" should not recursively
delete whatever the symlink is pointing to. Same basic idea applies to
the Copy and Move operations.
FileSystemModel will now react to specific events from Core::FileWatcher
in order to granularly update its data based on addition or removal of
files from the tree. Metadata changes are currently not handled, but in
the future they can be used to re-stat() a file to get its updated
statistics.
SortingProxyModel always expected the source model to have the same
number of rows as long as it has not been invalidated. Now that we have
granular updates, this assumption is no longer true, and we need to
resize the source/proxy_rows vectors to the new size. This is safe since
the values in the vector are overwritten right afterwards.
These can be used by Model subclasses to signal the exact operations
that happened to a model, so that persistent model indices in that
area are not invalidated.
This patch adds persistent indices to models. A PersistentModelIndex is
a ModelIndex that will survive most model updates (provided that the
data the PersistentModelIndex points to has not been removed by the
model's data store). PersistentModelIndex objects can be safely held
by objects outside the model they originated from.
Previously HeaderView would just assume that each column or row could
have a minimum size of 2. This makes it so that AbstractTableView
subclasses can provide a new minimum value for a specific column.
This tightens the update rects for EraseTool, BrushTool And the marching
ants update in Selection. Inflate Selection update rect by 10x10 to
avoid misalignment when zoomed out.
Previously using PenTool while zoomed in could cause rendering glitches
since the update rect was misaligned with the image, most likely because
of rounding errors.
Loosening the rect with 1 pixel on either side takes care of this.
After the update -> invalidate change a couple places broke when
update() was supposed to be manually called. This instance was not
marked virtual or override, which made it hard to detect. This commit
makes sure that update() on the original model is called when the
RunningProcessesModel needs an update.
Although this is not spec-compliant, we don't have a way to represent
objects larger than `NumericLimits<size_t>::max()`. Since this abstract
operation is only used when dealing with object size, we don't lose any
functionality by taking that limit into account too.
This fixes a UBSAN error when compiling with Clang.
When the system calls return `NumericLimits<ptrdiff_t>::min()`, negating
the return code would produce `NumericLimits<ptrdiff_t>::max() + 1`
since we are on a two's complement architecture. Because this value
cannot be stored, signed overflow occurs which is UB. This can be fixed
by applying the negation to `EMAXERRNO` since that's known to contain a
relatively small value.
Found when running tests with Clang.
There seems to be more incorrect assumptions about Clang-built
executables' memory layout than expected. These make the CI fail even
though the system is functional in all other aspects. While this is
being fixed, let's just disable tests for UserspaceEmulator.
Without this patch, we would end up printing garbage values when we
encountered floating point infinity or NaN values, and also triggered
UBSAN with Clang. This added code models `std::format`'s behavior: the
sign is added the same way as with normal values and the strings 'nan'
and 'inf' are printed.
If we call these two functions on a negative value, undefined behavior
occurs due to casting a negative double to an unsigned integer. These
functions are defined to perform modular arithmetic, so negative values
can be fixed up by adding 2^8/2^16.
The reason why this step is not mentioned in ECMA-262 is that it defines
modular arithmetic so that `x mod m` had the same sign as `m`, while
LibM's `fmod(x, m)` copies `x`'s sign.
This issue was found by UBSAN with the Clang toolchain.
Casting a floating point number to an integer and comparing that against
the original value is not a good way to test if it is a whole number. It
may cause unnecessary narrowing conversion issues and UB. This was the
case, which was caught be Clang's `-fsanitize=float-cast-overflow`.
This commit changes the code to use `is_integral_number`, as suggested
in ECMA-262.
If the argument to this function is greater then or equal to 2^32, the
`double` => `u32` cast produces undefined behavior, which Clang catches.
To fix this, we now use `ToUint32` for getting the integer argument, as
specified by ECMA-262.
On x86, the `fprem` and `fmprem1` instructions may produce a 'partial
remainder', for which we should check by reading a FPU flag. If we don't
check for it, we may end up using values that are outside the expected
range of values.
When compiling this code with Clang, both branches of the ternary
operator get evaluated at compile-time, triggering a warning about a
narrowing implicit conversion. We can use `explode_byte` instead.
Taking a reference or a pointer to a value that's not aligned properly
is undefined behavior. While `[[gnu::packed]]` ensures that reads from
and writes to fields of packed structs is a safe operation, the
information about the reduced alignment is lost when creating pointers
to these values.
Weirdly enough, GCC's undefined behavior sanitizer doesn't flag these,
even though the doc of `-Waddress-of-packed-member` says that it usually
leads to UB. In contrast, x86_64 Clang does flag these, which renders
the 64-bit kernel unable to boot.
For now, the `address-of-packed-member` warning will only be enabled in
the kernel, as it is absolutely crucial there because of KUBSAN, but
might get excessively noisy for the userland in the future.
Also note that we can't append to `CMAKE_CXX_FLAGS` like we do for other
flags in the kernel, because flags added via `add_compile_options` come
after these, so the `-Wno-address-of-packed-member` in the root would
cancel it out.
This contains all the bits and pieces necessary to build a Clang binary
that will correctly compile SerenityOS.
I had some trouble with getting LLVM building with a single command, so
for now, I decided to build each LLVM component in a separate command
invocation. In the future, we can also make the main llvm build step
architecture-independent, but that would come with extra work to make
library and include paths work.
The binutils build invocation and related boilerplate is duplicated
because we only use `objdump` from GNU binutils in the Clang toolchain,
so most features can be disabled.
Kernels built with Clang seem to be quite allocation-heavy compared to
their GCC counterparts. We would sometimes end up crashing during boot
because the eternal ranges had no free capacity.
