Various changes are needed to support this:
- The directory is created by Core::Account on login (and located in
/tmp).
- Service's sockets are now deleted on exit (to allow re-creation)
- SystemServer needs to handle SIGTERM to correctly destroy services.
This is a simple helper to debounce a function call, such as
an event handler. It avoids the function being called until
the event as settled down (i.e. after the timeout).
Most changes are around user and group management, which are exposed in
the Android NDK differently than other Unices.
We require version 30 for memfd_create, version 28 for posix_spawn, and
so on. It's possible a shim for memfd_create could be used, but since
Google is mandating new apps use API level 30 as of Nov 2022, this seems
suitable.
Replacement conditions for `requires_argument` have been chosen based
on what would be most convenient for implementing an eventual optional
argument mode.
This fixes a misconception in our current `ArgsParser` implementation.
If `requires_argument` is false, it doesn't mean that the argument is
optional (i.e. "not required"). It means that there is no argument at
all.
This prevents us from needing a sv suffix, and potentially reduces the
need to run generic code for a single character (as contains,
starts_with, ends_with etc. for a char will be just a length and
equality check).
No functional changes.
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
Error::from_string_literal now takes direct char const*s, while
Error::from_string_view does what Error::from_string_literal used to do:
taking StringViews. This change will remove the need to insert `sv`
after error strings when returning string literal errors once
StringView(char const*) is removed.
No functional changes.
This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).
These convenience templates allow the following to be written as before:
TRY(Core::System::pledge("promises..."));
TRY(Core::System::pledge("promises...", "execpromises..."));
TRY(Core::System::unveil("path", "permissions"));
TRY(Core::System::unveil(nullptr, nullptr));
Other uses must now append sv to any literal string passed to pledge and
unveil.
These were accidental (or leftover) uses of String::characters() to
construct StringViews through its StringView(char const*) constructor.
Since this constructor is due to be removed, this will no longer work.
Plus this prevents strlen from being run on these strings unnecessarily.
These are mostly minor mistakes I've encountered while working on the
removal of StringView(char const*). The usage of builder.put_string over
Format<FormatString>::format is preferrable as it will avoid the
indirection altogether when there's no formatting to be done. Similarly,
there is no need to do format(builder, "{}", number) when
builder.put_u64(number) works equally well.
Additionally a few Strings where only constant strings were used are
replaced with StringViews.
The extra argument to fcntl is a pointer in the case of F_GETLK/F_SETLK
and we were pulling out a u32, leading to pointer truncation on x86_64.
Among other things, this fixes Assistant on x86_64 :^)
Stub out the FileWatcher class with ENOTSUP stubs to let Services that
require it to compile for Lagom. Later we should add real code for this
using techniques like Linux's inotify(7).
For the general case, allocations will always have the size of a block.
In case of a smaller read a block will be filled entirely before another
allocation appends.
It also adds a specialization for Stream::File::read_all() that tries to
detect the size of the file with fstat to perform a single allocation.
This makes the wrapper more like the rest in LibCore, and also
removes the annoying limitation of not supporting arguments.
There are three overloads one for String, char const *, and StringView
argument lists. As long as there are <= 10 arguments the argv list
will be allocated inline, otherwise on the heap.
The main event loop functionality was used in just two places where the
alternative is a bit simpler. Remove it in favor of referencing the
event loop directly, or just invoking `EventLoop::current()`.
Note that we don't need locking in the constructor since we're now only
modifying a thread-local `Vector`. We also don't need locking in the
old call sites to `::with_main_locked()` since we already lock the
event loop in the subsequent `::post_event()` invocation.
While working on #13764 I noticed that DateTime::to_string() would just
return an empty String if the format included an invalid specifier
(eg `%Q`). This seems to be a mistake. POSIX date(1), which I believe
we are basing our implementation on, only replaces valid specifiers,
and any invalid ones get included as literals in the output.
For example, on Linux `date "+%Quiz"` returns "%Quiz", but we were
returning "".
This new class with an admittedly long OOP-y name provides a circular
queue in shared memory. The queue is a lock-free synchronous queue
implemented with atomics, and its implementation is significantly
simplified by only accounting for one producer (and multiple consumers).
It is intended to be used as a producer-consumer communication
datastructure across processes. The original motivation behind this
class is efficient short-period transfer of audio data in userspace.
This class includes formal proofs of several correctness properties of
the main queue operations `enqueue` and `dequeue`. These proofs are not
100% complete in their existing form as the invariants they depend on
are "handwaved". This seems fine to me right now, as any proof is better
than no proof :^). Anyways, the proofs should build confidence that the
implemented algorithms, which are only roughly based on existing work,
operate correctly in even the worst-case concurrency scenarios.
For now, EventLoop and Application still have a make_inspectable
parameter, so that when working on an application you can temporarily
hard-code it to be inspectable rather than having to set the env var
each time.
Similar reasoning to making Core::Stream::read() return Bytes, except
that every user of read_line() creates a StringView from the result, so
let's just return one right away.
