Having an alias function that only wraps another one is silly, and
keeping the more obvious name should flush out more uses of deprecated
strings.
No behavior change.
These instances were detected by searching for files that include
stdlib.h, but don't match the regex:
\\b(_abort|abort|abs|aligned_alloc|arc4random|arc4random_buf|arc4random_
uniform|atexit|atof|atoi|atol|atoll|bsearch|calloc|clearenv|div|div_t|ex
it|_Exit|EXIT_FAILURE|EXIT_SUCCESS|free|getenv|getprogname|grantpt|labs|
ldiv|ldiv_t|llabs|lldiv|lldiv_t|malloc|malloc_good_size|malloc_size|mble
n|mbstowcs|mbtowc|mkdtemp|mkstemp|mkstemps|mktemp|posix_memalign|posix_o
penpt|ptsname|ptsname_r|putenv|qsort|qsort_r|rand|RAND_MAX|random|reallo
c|realpath|secure_getenv|serenity_dump_malloc_stats|serenity_setenv|sete
nv|setprogname|srand|srandom|strtod|strtof|strtol|strtold|strtoll|strtou
l|strtoull|system|unlockpt|unsetenv|wcstombs|wctomb)\\b
(Without the linebreaks.)
This regex is pessimistic, so there might be more files that don't
actually use anything from the stdlib.
In theory, one might use LibCPP to detect things like this
automatically, but let's do this one step after another.
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
This ensures we have just one location for determining the time zone, so
that LibC and LibTimeZone will behave the same.
(Note the FIXME removed here is also in TimeZone::current_time_zone.)
Previously, we were incorrectly assuming that the daylight global
variable indicated whether the current time zone is in DST. In reality,
the daylight variable only indicates whether a time zone *can* be in
DST.
Instead, the tm structure has a tm_isdst member that should be used for
this purpose. Ensure our LibC handles tm_isdst, and avoid errant usage
of the daylight variable in Core::DateTime.
Right now, the tm_to_time helper invokes time_to_tm to validate the
time_t it creates. Soon, both tm_to_time and time_to_tm will perform
some TZDB lookups to handle DST. This isn't a huge cost, but let's
avoid the double lookup here.
The time zone name will be needed for TZDB lookups in various time.h
functions. Cache the value found by tzset(), defaulting to the system-
wide default of UTC.
This also moves the time.h global definitions to the top of the file.
The cached time zone name will be needed above where these variables are
defined, so this is just to keep them all together.
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).
POSIX says that localtime should fail with EOVERFLOW if the result
cannot be represented, which is the case for most large (in absolute
value) time_t inputs, since they overflow (or underflow) tm_year, which
is an int. This patch introduces this functionality. Previously, tm_year
just overflowed (or underflowed) silently.
Incidentally, this partially fixes#12729 without solving the root
problem, which is that time_to_tm is linear in its input to determine
the number of years since epoch.
This means that the bash port mktime test no longer times-out in 60s,
but it still fails (faster) in some other place. Due to underlying issue
in the algorithm, the worst case inputs still take a couple of seconds
on my machine.
Day and month name constants are defined in numerous places. This
pulls them together into a single place and eliminates the
duplication. It also ensures they are `constexpr`.
This renames the current implementation of current_time_zone to
system_time_zone to more clearly indicate what it is. Then reimplements
current_time_zone to return whatever was set up by tzset, falling back
to UTC if something went awry, for convenience.
From POSIX:
the ctime(), localtime(), mktime(), strftime(), and strftime_l()
functions are required to set timezone information as if by calling
tzset()
ctime is excluded here because it invokes localtime, so there's no need
to invoke tzset twice.
The `nonnull` attribute may delete null checks in the generated code, as
per the [GCC documentation]:
> The compiler may also perform optimizations based on the knowledge
> that nonnul parameters cannot be null. This can currently not be
> disabled other than by removing the nonnull attribute.
Disassembling the function as compiled by GCC, we can see that there is
no branch based on if `tv` is null. This means that `gettimeofday`
would produce UB if passed a null parameter, even if we wanted to
predictably return an error. Clang refuses to compile this due to a
`pointer-bool-conversion` warning.
In this commit, `settimeofday` is changed as well to match
`gettimeofday`'s null argument handling.
[GCC documentation]:
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-nonnull-function-attribute
This patch adds a vDSO-like mechanism for exposing the current time as
an array of per-clock-source timestamps.
LibC's clock_gettime() calls sys$map_time_page() to map the kernel's
"time page" into the process address space (at a random address, ofc.)
This is only done on first call, and from then on the timestamps are
fetched from the time page.
This first patch only adds support for CLOCK_REALTIME, but eventually
we should be able to support all clock sources this way and get rid of
sys$clock_gettime() in the kernel entirely. :^)
Accesses are synchronized using two atomic integers that are incremented
at the start and finish of the kernel's time page update cycle.
Problem:
- `static` variables consume memory and sometimes are less
optimizable.
- `static const` variables can be `constexpr`, usually.
- `static` function-local variables require an initialization check
every time the function is run.
Solution:
- If a global `static` variable is only used in a single function then
move it into the function and make it non-`static` and `constexpr`.
- Make all global `static` variables `constexpr` instead of `const`.
- Change function-local `static const[expr]` variables to be just
`constexpr`.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
This achieves two things:
- Programs can now intentionally perform arbitrary syscalls by calling
syscall(). This allows us to work on things like syscall fuzzing.
- It restricts the ability of userspace to make syscalls to a single
4KB page of code. In order to call the kernel directly, an attacker
must now locate this page and call through it.
Quoting POSIX:
https://pubs.opengroup.org/onlinepubs/009695399/functions/tzset.html
The tzset() function also shall set the external variable daylight
to 0 if Daylight Savings Time conversions should never be applied
for the timezone in use; otherwise, non-zero.
We're already pretending to be in UTC+0 and setting timezone to 0
accordingly, we can also fake the absence of Daylight Savings Time.
Since tzset() itself pretends to succeed (it just sets timezone = 0 for
now), it seems unwise to leave tzname uninitialized. Since Serenity
already assumes UTC pretty much everywhere time is used, let's continue
that trend here. Quoting POSIX:
https://pubs.opengroup.org/onlinepubs/009695399/functions/tzset.html
The tzset() function shall use the value of the environment variable
TZ to set time conversion information used by ctime(), localtime(),
mktime(), and strftime(). If TZ is absent from the environment,
implementation-defined default timezone information shall be used.
So we still don't care about TZ at all, but the program doesn't need to
know! :^)
This matches what musl libc ("UTC") and glibc ("GMT") do, see:
- https://sourceware.org/git/?p=glibc.git;a=blob;f=time/tzset.c
- https://git.musl-libc.org/cgit/musl/tree/src/time/__tz.c
