It's not enough to send ourselves a SIGABRT, as it may be ignored or handled
differently. We really, really want abort() to never return, as that will mess
up the assumptions of the calling code big time. So, if raise(SIGABRT) returns,
kill ourselves with SIGKILL, and if that somehow returns too, call _exit().
An alternative approach, which glibc apparently follows, is to reset SIGABRT
disposition to its default value and then send SIGABRT to yourself a second
time. That would also work, but I believe SIGKILL + _exit() to be a simpler
approach that is less likely to break in extremely weird situations.
Note that this only guarantees that abort() never returns, not that the process
actually gets killed. It's still possible to install a SIGABRT handler that
simply never returns (such as by longjmp'ing out, endlessly looping, or exec'ing
another image). That is a legitimate use case we want to support; at the same
time most software doesn't use that functionality and would benefit from hard
guarantees that abort() terminates the program. The following commit is going to
introduce means for ensuring SIGABRT handler is never reset to something
unexpected.
This patch makes strto{u,}l{l,}() behave more to-spec about endptr.
"If endptr is not NULL, strtoull stores the address of the first invalid
character in *endptr."
This fixes the behavior for several inputs:
- '-0' (shouldn't work but was accepted)
- '+3' (shouldn't work but was accepted)
- '13835058055282163712' (should work but returned 9223372036854775807 with errno=ERANGE)
This strtod implementation is not perfectly accurate, as evidenced by the test
(accuracy_strtod.cpp), but it is sufficiently close (up to 8 eps).
The main sources of inaccuracy are:
- Highly repeated division/multiplication by 'base'
(Each operation brings a multiplicative error of 1+2^-53.)
- Loss during the initial conversion from long long to double (most prominently,
69294956446009195 should first be rounded to 69294956446009200 and then
converted to 69294956446009200.0 and then divided by ten, yielding
6929495644600920.0. Currently, it converts first to double, can't represent
69294956446009195.0, and instead represents 69294956446009190, which
eventually yields 6929495644600919.0. Close, but technically wrong.)
I believe that these issues can be fixed by rewriting the part at and after
double value = digits.number();
and that the loss before that is acceptable.
Specifically, losing the exact exponent on overflow is obviously fine.
The only other loss occurs when the significant digits overflow a 'long long'.
But these store 64(-7ish) bits, and the mantissa of a double only stores 52 bits.
With a bit more thinking, one could probably get the error down to 1 or 2 eps.
(But not better.)
Fixes#1979.
This makes getting a pseudoterminal pair a little bit more portable.
Note that grantpt() and unlockpt() are currently no-ops, since we've
already granted the pseudoterminal slave to the calling user.
We also accept O_CLOEXEC to posix_openpt(), unlike some systems. :^)
As suggested by Joshua, this commit adds the 2-clause BSD license as a
comment block to the top of every source file.
For the first pass, I've just added myself for simplicity. I encourage
everyone to add themselves as copyright holders of any file they've
added or modified in some significant way. If I've added myself in
error somewhere, feel free to replace it with the appropriate copyright
holder instead.
Going forward, all new source files should include a license header.
While I was updating syscalls to stop passing null-terminated strings,
I added some helpful struct types:
- StringArgument { const char*; size_t; }
- ImmutableBuffer<Data, Size> { const Data*; Size; }
- MutableBuffer<Data, Size> { Data*; Size; }
The Process class has some convenience functions for validating and
optionally extracting the contents from these structs:
- get_syscall_path_argument(StringArgument)
- validate_and_copy_string_from_user(StringArgument)
- validate(ImmutableBuffer)
- validate(MutableBuffer)
There's still so much code around this and I'm wondering if we should
generate most of it instead. Possible nice little project.
Implement __cxa_atexit and __cxa_finalize per the Itanium spec,
and convert stdlib's atexit and exit() to to call them instead of
a custom 'C-only' atexit implementation.
This just copies the short char into the wide char without any decoding
whatsoever. A proper implementation should look at the current LC_CTYPE
and implement multi-byte decoding.
`atof()` has now been implemented as part of the standard C library.
It supports scientific notation such as `1.2e-3` etc, ala the version
found as part of `glibc`.
It's a bit chunky, so there's probably room for optimisations here
and there, however, for now it works as intended (and allows Quake
to run).
Serenity is really not production ready; I shouldn't have to warn
you not to trust the RNG here. This is for compatibility with
software expecting the interface.
arc4random does expose an annoying flaw with the syscall I want
to discuss with Kling though.
These are basically copy and pasted from the regular string version.
Also add some more multi-byte/wide conversion stub.
libarchive wanted these. There's a lot more, but we can add them
one at a time.
This was a workaround to be able to build on case-insensitive file
systems where it might get confused about <string.h> vs <String.h>.
Let's just not support building that way, so String.h can have an
objectively nicer name. :^)
Rewrite this function to go from left-to-right instead of right-to-left
since this allows us to accumulate valid characters before encountering
any invalid ones.
This fixes parsing of strings emitted by GCC, like "1, %0|%0, %1}". :^)
