mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-22 09:21:57 -05:00
Code Issues Projects Releases Packages Wiki Activity
The Serenity Operating System 🐞
64571 commits 1 branch 0 tags 514 MiB
C++ 87.9%
JavaScript 4.6%
HTML 3.4%
C 1%
CMake 0.8%
Other 2.2%
Find a file
Luke Wilde f5980ee094 LibJS: Propagate direct eval presence if the current scope is screwed 
Previously it only deoptimized the parent scope if the current scope
contains direct eval, which is incorrect because code ran in direct
eval mode has access to the entire scope chain it was executed in.
The fix is to also propagate direct eval's presence if the current
scope is marked as being screwed by direct eval.

This fixes Google's botguard failing to complete on Google sign in, as
it tried to access local variables outside of a direct parent function
with eval, causing it throw "unhandled" exceptions. Unhandled is in
quotes because their bytecode VM _technically_ caught it, but it was
considered an unhandled exception. This was determined by removing get
optimizations and then adding debug output for every get operation.
Using this, I noticed that for these errors, it would access the
'message' and 'stack' properties. This is because their error handler
function noticed this was not a synthesised error, which is never
expected to happen. That was determined by using Chrome Devtools 'pause
on handled exception' feature, and noticing it never threw a '[var] is
not defined' exception, but only synthesized error objects which
contained a sentinel value to let it know it was synthesized.

I added debug output to eval to print out what was being eval'd because
it makes heavy use of eval. This revealed that the exceptions only came
from eval.

I then dumped every generated executable and noticed the variables it
was trying to access were generated as local variables in the top
scope. This led to checking what makes a variable considered local or
not, which then lead to this block of code in ~ScopePusher that
propagates eval presence only to the immediate parent scope. This
variable directly controls whether to create all variables properly
with variable environments and bindings or allow them to be stored as
local registers tied to that function's executable.

Since this now lets botguard run to completion, it no longer considers
us to be an insecure/potential bot browser when signing in, now
allowing us to be able to sign in to Google.

(cherry picked from commit 5f33383a7bf1b4277e15d4b21fbafcece9302614)
2025-01-17 18:33:06 -05:00
.devcontainer DevContainer: Add a SSH server into a container 2024-11-15 13:20:10 -05:00
.github CI: Check filesystem consistency after running tests 2024-11-29 10:59:24 -05:00
AK AK: Improve performance of u64 randoms 2025-01-13 09:08:55 -05:00
Base Base+Fonts: Add Lucidity Mono Regular terminal font 2025-01-12 19:34:22 -05:00
Documentation Documentation: Promote aarch64 to more supported in the docs 2024-12-30 12:56:52 +01:00
Kernel Kernel/RTL8168: Change wrong u32 mmio reads to u8 2025-01-15 21:32:54 -05:00
Ladybird UI/Qt: Fix hover_label hiding URLs 2024-12-21 14:58:20 -05:00
Meta Meta: Correct the Pi 3 devicetree blob path 2025-01-13 16:06:07 +01:00
Ports Ports/libunistring: Update to 1.3 2025-01-17 07:58:46 -05:00
Tests LibGfx/JPEG2000: Add LRCP and RLCP progression iterators 2025-01-07 08:23:28 -05:00
Toolchain
Userland LibJS: Propagate direct eval presence if the current scope is screwed 2025-01-17 18:33:06 -05:00
.clang-format
.clang-tidy
.editorconfig
.gitattributes
.gitignore
.gn
.mailmap
.pre-commit-config.yaml
.prettierignore
.prettierrc
.ycm_extra_conf.py
CMakeLists.txt Meta: Download both Raspberry Pi 3 and 4 DTBs 2024-12-30 12:56:52 +01:00
CONTRIBUTING.md
flake.lock
flake.nix
LICENSE
README.md Meta: Promote RISC-V as supported in the README 2024-12-30 14:46:27 -05:00
SECURITY.md

README.md

SerenityOS

Graphical Unix-like operating system for 64-bit x86, Arm, and RISC-V computers.

GitHub Actions Status Fuzzing Status Discord

FAQ | Documentation | Build Instructions

About

SerenityOS is a love letter to '90s user interfaces with a custom Unix-like core. It flatters with sincerity by stealing beautiful ideas from various other systems.

Roughly speaking, the goal is a marriage between the aesthetic of late-1990s productivity software and the power-user accessibility of late-2000s *nix. This is a system by us, for us, based on the things we like.

You can watch videos of the system being developed on YouTube:

Screenshot

Screenshot as of c03b788.png

Features

  • Modern 64-bit kernel with pre-emptive multi-threading
  • Browser with JavaScript, WebAssembly, and more (check the spec compliance for JS, CSS, and Wasm)
  • Security features (hardware protections, limited userland capabilities, W^X memory, pledge & unveil, (K)ASLR, OOM-resistance, web-content isolation, state-of-the-art TLS algorithms, ...)
  • System services (WindowServer, LoginServer, AudioServer, WebServer, RequestServer, CrashServer, ...) and modern IPC
  • Good POSIX compatibility (LibC, Shell, syscalls, signals, pseudoterminals, filesystem notifications, standard Unix utilities, ...)
  • POSIX-like virtual file systems (/proc, /dev, /sys, /tmp, ...) and ext2 file system
  • Network stack and applications with support for IPv4, TCP, UDP; DNS, HTTP, Gemini, IMAP, NTP
  • Profiling, debugging and other development tools (Kernel-supported profiling, CrashReporter, interactive GUI playground, HexEditor, HackStudio IDE for C++ and more)
  • Libraries for everything from cryptography to OpenGL, audio, JavaScript, GUI, playing chess, ...
  • Support for many common and uncommon file formats (PNG, JPEG, GIF, MP3, WAV, FLAC, ZIP, TAR, PDF, QOI, Gemini, ...)
  • Unified style and design philosophy, flexible theming system, custom (bitmap and vector) fonts
  • Games (Solitaire, Minesweeper, 2048, chess, Conway's Game of Life, ...) and demos (CatDog, Starfield, Eyes, mandelbrot set, WidgetGallery, ...)
  • Every-day GUI programs and utilities (Spreadsheet with JavaScript, TextEditor, Terminal, PixelPaint, various multimedia viewers and players, Mail, Assistant, Calculator, ...)

... and all of the above are right in this repository, no extra dependencies, built from-scratch by us :^)

Additionally, there are over three hundred ports of popular open-source software, including games, compilers, Unix tools, multimedia apps and more.

How do I read the documentation?

Man pages are available online at man.serenityos.org. These pages are generated from the Markdown source files in Base/usr/share/man and updated automatically.

When running SerenityOS you can use man for the terminal interface, or help for the GUI.

Code-related documentation can be found in the documentation folder.

How do I build and run this?

See the SerenityOS build instructions or the Ladybird build instructions.

The build system supports a cross-compilation build of SerenityOS from Linux, macOS, Windows (with WSL2) and many other *Nixes. The default build system commands will launch a QEMU instance running the OS with hardware or software virtualization enabled as supported.

Ladybird runs on the same platforms that can be the host for a cross build of SerenityOS and on SerenityOS itself.

Get in touch and participate!

Join our Discord server: SerenityOS Discord

Before opening an issue, please see the issue policy.

A general guide for contributing can be found in CONTRIBUTING.md.

Authors

And many more! See here for a full contributor list. The people listed above have landed more than 100 commits in the project. :^)

License

SerenityOS is licensed under a 2-clause BSD license.