Instead of returning HeapBlock memory to the kernel (or a non-type
specific shared cache), we now keep a BlockAllocator per CellAllocator
and implement "deallocation" by basically informing the kernel that we
don't need the physical memory right now.
This is done with MADV_FREE or MADV_DONTNEED if available, but for other
platforms (including SerenityOS) we munmap and then re-mmap the memory
to achieve the same effect. It's definitely clunky, so I've added a
FIXME about implementing the madvise options on SerenityOS too.
The important outcome of this change is that GC types that use a
type-specific allocator become immune to use-after-free type confusion
attacks, since their virtual addresses will only ever be re-used for
the same exact type again and again.
Fixes #22274
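The scheme this commit message describes, as an added C++ example that is not the project's own code: `TypedBlockAllocator`, the 16 KiB block size and the use of Linux `mmap`/`madvise(MADV_DONTNEED)` are assumptions made for illustration.

```cpp
// Added illustration; TypedBlockAllocator is a hypothetical name, not LibJS code.
#include <sys/mman.h>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// One instance per GC cell type: blocks it hands out are never unmapped or
// shared with another type, so a stale pointer can only alias the same type.
class TypedBlockAllocator {
public:
    static constexpr size_t block_size = 16 * 1024; // assumed block size

    void* allocate_block()
    {
        if (!m_free_blocks.empty()) {
            // Reuse a virtual range this type owned before.
            void* block = m_free_blocks.back();
            m_free_blocks.pop_back();
            return block;
        }
        void* block = mmap(nullptr, block_size, PROT_READ | PROT_WRITE,
            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (block == MAP_FAILED)
            throw std::runtime_error("mmap failed");
        return block;
    }

    void deallocate_block(void* block)
    {
        // Give the physical pages back but keep the address range reserved.
        if (madvise(block, block_size, MADV_DONTNEED) != 0)
            throw std::runtime_error("madvise failed");
        m_free_blocks.push_back(block);
    }

    size_t cached_block_count() const { return m_free_blocks.size(); }

private:
    std::vector<void*> m_free_blocks;
};

int main()
{
    TypedBlockAllocator strings, arrays; // stand-ins for two cell types
    void* first = strings.allocate_block();
    strings.deallocate_block(first);
    void* other = arrays.allocate_block();  // a different type never gets `first`
    void* again = strings.allocate_block(); // the same type gets it back
    std::printf("reused=%d crossed=%d\n", again == first, other == first);
}
```

Because the range stays mapped after `madvise`, a later `mmap` for another type cannot land on it, which is what confines a dangling pointer to objects of the same type.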
This commit un-deprecates DeprecatedString, and repurposes it as a byte
string.
As the null state has already been removed, there are no other
particularly hairy blockers in repurposing this type as a byte string
(what it _really_ is).
This commit is auto-generated:
    $ xs=$(ack -l \bDeprecatedString\b\|deprecated_string AK Userland \
        Meta Ports Ladybird Tests Kernel)
    $ perl -pie 's/\bDeprecatedString\b/ByteString/g;
        s/deprecated_string/byte_string/g' $xs
    $ clang-format --style=file -i \
        $(git diff --name-only | grep \.cpp\|\.h)
    $ gn format $(git ls-files '*.gn' '*.gni')
GCC 13 produces the following true positive warnings:
- `-Wredundant-move` when trying to move `result->tooltip()`, which
is a const reference in `Assistant/main.cpp`
- `-Wuse-after-free` when freeing an environment variable before
removing it from `s_malloced_environment_variables`
- `-Wdangling-pointer` when storing an AST node's `this` pointer to the
interpreter's node stack in LibJS. This is not actually an issue, as
it is popped when the scope ends, but GCC has no way of telling this.
The pattern to construct `Application` was to use the `try_create`
method from the `C_OBJECT` macro. While being safe from an OOM
perspective, this method doesn't propagate errors from the constructor.
This patch makes `Application` use the `C_OBJECT_ABSTRACT` and manually
define a `create` method that can bubble up errors from the
construction stage.
This commit also removes the ability to use `argc` and `argv` to
create an `Application`, only `Main`'s `Arguments` can be used.
From a user point of view, the patch renames `try_create` => `create`,
hence the huge number of modified files.
Previously, Frames could set both these properties along with a
thickness to confusing effect: Most shapes of the same shadowing only
differentiated at a thickness >= 2, and some not at all. This led
to a lot of creative but ultimately superfluous choices in the code.
Instead let's streamline our options, automate thickness, and get
the right look without so much guesswork.
Plain shadowing has been consolidated into a single Plain style,
and 0 thickness can be had by setting style to NoFrame.
A BinaryHeap is now used to keep track of the 6 highest scoring files.
This ensures that a FileResult is not created for a result that will
never be displayed.
This class had slightly confusing semantics and the added weirdness
doesn't seem worth it just so we can say "." instead of "->" when
iterating over a vector of NNRPs.
This patch replaces NonnullRefPtrVector<T> with Vector<NNRP<T>>.
This prevents unnecessary queries being executed when pasting text
or typing very quickly. The debounce timeout is 5ms, which is half the
rate at which the UI is updated. Therefore, there should be no
noticeable impact on user experience.
Previously, results were cached for each query in a single list.
The majority of CPU time was spent determining which items in the
cache had been seen previously. This commit removes the need to
check previous results by holding a separate list of results for each
provider type.
This makes Assistant feel much more responsive to user input,
especially when the filesystem has a lot of files.
Rip that bandaid off!
This does the following, in one big, awkward jump:
- Replace all uses of `set_main_widget<Foo>()` with the `try` version.
- Remove `set_main_widget<Foo>()`.
- Rename the `try` version to just be `set_main_widget` because it's now
the only one.
The majority of places that call `set_main_widget<Foo>()` are inside
constructors, so this unfortunately gives us a big batch of new
`release_value_but_fixme_should_propagate_errors()` calls.
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
Disregarding minimum widget size was originally set as a quick fix
when converting Assistant to a Popup window, but it's really much
easier to let layout manage dynamic resizing instead of trying to
add up pixels piecemeal.
This gives search results a more tactile look and feel, consistent
with other iconified widgets across the system. Custom provider
subtitles now appear as tooltips.
Makes the Audio applet, Taskbar clock, CommandPalette, EmojiPicker,
and Assistant work as Popup windows. Popups are frameless, unmovable,
and unresizable by default, in addition to their preemptive function.
Also sets Assistant not to obey widget min size so its search result
area resizes correctly.
This is partially a revert of commits:
10a8b6d411561b67a1ad
Rather than adding the prot_exec pledge required to use dlopen(), we can
link directly against LibUnicodeData in applications that we know need
that library.
This might make the dlopen() dance a bit unnecessary. The same purpose
might now be fulfilled with weak symbols. That can be revisited next, but
for now, this at least removes the potential security risk of apps like
the Browser having prot_exec privileges.
Loading libunicodedata.so will require dlopen(), which in turn requires
mmap(). The 'prot_exec' pledge is needed for this.
Further, the .so itself must be unveiled for reading. The "real" path is
unveiled (libunicodedata.so.serenity) as the symlink (libunicodedata.so)
itself cannot be unveiled.
Derivatives of Core::Object should be constructed through
ClassName::construct(), to avoid handling ref-counted objects with
refcount zero. Fixing the visibility means that misuses like this are
more difficult.
Previously, Assistant was able to re-execute itself due to a quirk in
the global cursor tracking logic, it seems.
Now it has become necessary to explicitly drop the lockfile before
activating the new Assistant instance.
Alternatively, this has always been a latent bug that only now has
become more likely.
This allows for typing [8] instead of [8, 8, 8, 8] to specify the same
margin on all edges, for example. The constructors follow CSS' style of
specifying margins. The added constructors are:
- Margins(int all): Sets the same margin on all edges.
- Margins(int vertical, int horizontal): Sets the first argument to top
and bottom margins, and the second argument to left and right margins.
- Margins(int top, int vertical, int bottom): Sets the first argument to
the top margin, the second argument to the left and right margins,
and the third argument to the bottom margin.
Previously the argument order for Margins was (left, top, right,
bottom). To make it more familiar and closer to how CSS does it, the
argument order is now (top, right, bottom, left).
While typing, we get the results from each provider asynchronously.
Previously, we were updating the UI for each result size,
which was causing a lot of flickering.
This fix creates a small timer to bundle the results
and reduce the number of UI updates per input.
I found myself accidentally opening two assistants at once with the
Window+Space shortcut. Since only one assistant window is usable at the
same time, I made assistant only spawn 1 instance at most.