This will be useful for CSS random functions so it should be in a
reusable place.
This does require us to use `AK::get_random` instead of
`Crypto::get_secure_random`, but this is fine since the latter is in the
process of being removed (see #6564).
Disallow calling `StringBase::bytes()` on temporaries to avoid returning
`ReadonlyBytes` that outlive the underlying string.
With this change, we catch a real UAF:
`load_result.data = maybe_response.release_value().bytes();`
All other updated call sites were already safe, they just needed to use
an intermediate named variable to satisfy the new lvalue-only
requirement.
a290034a81 passed an empty vector to this,
which caused nodes that appeared multiple times to reset the trie
metadata...which broke the optimisation.
This patchset makes the function take a 'provide missing metadata'
function instead, and only invokes it when the node is missing rather
than unconditionally setting the metadata on all nodes.
There are actually a couple of issues here:
1. We are not properly perfect-forwarding the iterable to the Enumerator
member. We are using the class template as the constructor type, but
we would actually have to do something like this to achieve perfect
forwarding:
template <typname Iter = Iterable>
Enumerator(Iter&&)
2. The begin / end methods on Enumerator (although they return by const-
ref) are making copies during for-each loops. The compiler basically
generates this when we call enumerate:
for (auto it = Enumerator::begin(); it != Enumerator::end(); ++it)
The creation of `it` above actually creates a copy of the returned
Enumerator instance.
To avoid all of this, let's create an intermediate structure to act as
the enumerated iterator. This structure does not hold the iterable and
thus is fine to copy. We can then let the compiler handle forwarding
the iterable to the Enumerator.
Cherry-picked from:
0edcd19615
These take a numerator and denominator defining the unit in a fractions
of a second. Conversion is done in integers, meaning that these must
clamp when approaching numeric limits.
This will format Duration as seconds, with as much decimal precision as
necessary to fully represent its value. The alternate format specifier
can be used to make it print the units on the end, i.e. "1.23s".
This commit changes the event loop to use IOCPs instead of
WaitForMultipleObjects to wait on events. This is done through the Nt
kernel api NtAssociateWaitCompletionPacket which associates an event
with a completion packet. Each completion packet notifies only once, as
they are normally used to signal completion of an operation so to use
them for notifiers they are associated again after each time they are
triggered.
There are more optimizations that can be done, such as reusing the
EventLoopNotifier and EventLoopTimer structures to reduce the number of
allocations and context switches for timer and notifier registration.
This change makes the error formatter on windows use a stack array
instead of a heap allocated array. This is because the heap allocation
fails when being ran during process teardown.
MonotonicTime was using 32 bit floats for operations on the values
converted from an i64 returned by the performance counter. This caused
to either precision losses or complete losses of the data for timing
even things as long as hundreds of miliseconds, which should never be a
problem with the resolution of the performance counter. This change
fixes that behavior.
When shutting down helper processes, PosixSocketHelper::close() in
SocketWindows when trying to close the socket fd with
WSANOTINITIALISED. This was due to us initiating WinSock2 during static
initialization and presumably also not terminating WinSock2 properly.
Similar to WinSock2 initiation, calling CRT during static
initialization is considered dangerous given the CRT DLL itself may not
yet be initialized.
Because of the above, we move to perform this Windows-specific
runtime setup/teardown calls into the main() functions.
We could never hit the #else branches for some of these methods, because
we already relied on having __builtin_*_overflow() readily available in
earlier methods.
multiplication_would_overflow() with three arguments was only used in a
test, so let's get rid of that as well.
This allows you to reinterpret a Span to any given type, maintaining
the original data and working out the new size for you.
The target type must evenly fit into the Span's original type, ensuring
bytes are not dropped.
This is a weak pointer that integrates with the garbage collector.
It has a number of differences compared to AK::WeakPtr, including:
- The "control block" is allocated from a well-packed WeakBlock owned by
the GC heap, not just a generic malloc allocation.
- Pointers to dead cells are nulled out by the garbage collector
immediately before running destructors.
- It works on any GC::Cell derived type, meaning you don't have to
inherit from AK::Weakable for the ability to be weakly referenced.
- The Weak always points to a control block, even when "null" (it then
points to a null WeakImpl), which means one less null check when
chasing pointers.
Introducing cpptrace as the primary backtrace library broke the
backtrace fallback during the code move. This commit properly links AK
to libbacktrace.
It also fixes the function signatures for the fallback backtrace
handlers.
This commit replaces the default backtrace logic with cpptrace, for
nicer, colored backtraces. Cpptrace runs on all of our supported
platforms excpet android. As such backtrace.h is left in place.
All the backtrace functions are made noinline to have a consistent
number of frames. A maximum depth parameter is added to dump_backtrace
with a default of 100. This should be enough, and can be easily
changed, and allows for limiting the maximum depth.
Setting the LADYBIRD_BACKTRACE_SNIPPETS environment variable enables
surrouding code snippets in the backtrace. Specifically 2 lines above
and below. This number can be changed by calling snippet_context on the
formatter. For the whole list of options of what can be done with
formatting see the cpptrace repository.
On Windows we skipped frames when verification fails and when
dump_backtrace was added the logic was wrong and would have skipped
frames we care about.
This commit also implements skipping frames on Linux.
The only time where this does not skip all frames is when the call to
backtrace gets intercepted. Then we will end up skipping one frame less
than needed.
To keep delayload on Windows a patch and overlay port is used. When
upstream accepts these changes and vcpkg bumps the version the patch
could be removed to have just the cmake define.
...and use it to make HashMap::ensure() do a single hash lookup instead
of three.
We achieve this by factoring out everything but the bucket construction
logic from HashTable::write_value() into a lookup_for_writing() helper
so we can use it from more places.
Before this change, we'd construct a ByteBuffer for the internal buffer,
and then move-construct StringBuilder::m_buffer from it.
Due to ByteBuffer's inline capacity, this meant we had to memmove the
inline buffer an extra time for every StringBuilder created.
This is a _significant_ perf improvement as we no longer have to think
about tracking state transitions from empty <-> nonempty.
(corresponds to a ~20% perf improvement in LibWasm)
Instead of repeatedly removing elements off the vector, this allows for
specifying all the removed indices at once, and does not perform any
extra reallocations or unnecessary moves.
Copy parse() method from LibCore::DateTime::parse(). Augment the method
to handle parsing from GMT time. Fix incorrect handling of year in '%D'
format specifier. Remove all format specifiers related to time zones.
Copy relevant tests and add additional ones.
Buckets being iterated by pointer instead of reference was causing a
compilation error when calling clear_with_capacity() on a HashTable
containing a non-trivially-destructible type.
