| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
std/selectors uses OS-specific selector APIs, which sounds good in
theory (faster than poll!), but sucks for portability in practice.
Sure, you can fix portability bugs, but who knows how many there are
on untested platforms... poll is standard, so if it works on one
computer it should work on all other ones. (I hope.)
As a bonus, I rewrote the timeout API for poll, which incidentally
fixes setTimeout across forks. Also, SIGWINCH should now work on all
platforms (as we self-pipe instead of signalfd/kqueue magic).
|
| |
|
|
|
|
| |
* fix broken int conversion in dynstream
* fix EPIPE handling in forkserver
* merge fdmap and connectingContainers into loader map
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* refactor parseHeader
* optimize response blob()
* add direct "to cache" mode for loader requests which sets stdout to a
file, and use it for image processing
* move image resizing into a separate process
* mmap cache files in between processing steps when possible
At last, resize is no longer a part of image decoding. Also, it feels
much nicer to keep encoded image data in the same cache as everything
else.
The mmap operations *should* be more efficient than copying the whole
RGBA data through a pipe. In practice, it only makes a difference for
loading (well, now just mmapping) the encoded image into the pager,
where it singlehandedly speeds up image display by 10x on my test image.
For the other steps, the unfortunate fact that "tocache" must delay the
next fork/exec in the pipeline until the entire image is processed seems
to equal out any wins we might have gotten from skipping a single raw
RGBA copy.
I have tried moving the delay before the exec (it's possible with yet
another pipe), but it didn't help much and made the code much
uglier. (Not that tocache didn't, but I can live with this...)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I thought this would work fine, but then images weren't loading. Upon
closer inspection I realized we don't necessarily let the image decoder
finish reading the entire file on pass 1 (header parsing), which means
pass 2 (decoding) can end up reading a partially downloaded cache file.
To fix this, we now fall back to streaming mode when an open handle to
the cached item still exists.
(An alternative would be to wait for the cached item to finish loading,
but that's harder to implement and might be slower anyway - the current
implementation allows for the decoder to run while an image is still
being loaded, but we couldn't do that with the second approach.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Module boundaries didn't make much sense here either. Specifically:
* loader/cgi was originally just one of the many "real" protocols
supported by loader, so it was in a separate module (like the other
ones). Now it's mostly an "internal" protocol, and it was getting
cumbersome to pass all required loader state to loadCGI.
* The loader interface has grown quite large, but there is no need for
(or advantage in) putting it in the same module as the implementation.
Now CGI is handled by loader, and the interface is in the new module
"loaderiface".
|
| |
|
|
| |
directly accessing map was a bit too error prone
|
| |
|
|
|
|
|
|
| |
* factor out input/output handle tables; use a seq instead
* add possibility to directly open cached items onto stdin (mainly an
optimization for reading images, which are always cached)
* close used handles on local CGI execution
* make clone during load work again
|
| |
|
|
| |
select allocates. (makes sense, but I never realized...)
|
| |
|
|
|
|
|
| |
pain...
(also, fix an fd leak, plus a more general bug where we registered
empty output handles.)
|
| |
|
|
| |
+ be a bit more paranoid about double closes
|
| |
|
|
|
|
|
|
|
|
| |
* stream: and passFd is now client-based, and accessible for buffers
* Bitmap's width & height is now int, not uint64
* no more non-network Bitmap special case in the pager for canvas
I just shoehorned it into the static image model, so it still doesn't
render changes after page load. But at least now it doesn't crash the
browser.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add responseText, response
* add net tests
-> currently sync XHR only; should find a way to do async
tests...
* update monoucha
-> simplified & updated some related code that no longer worked
properly
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* fix header case sensitivity issues
-> probably still wrong as it discards the original
casing. better than nothing, anyway
* fix fulfill on generic promises
* support standard open() async parameter weirdness
* refactor loader response body reading (so bodyRead is no longer
mandatory)
* actually read response body
still missing: response body getters
|
| |
|
|
|
|
|
| |
data URIs can get megabytes long; however, you can only stuff so many
bytes into the envp. (This was thwarting my efforts to view pandoc-
generated standalone HTML in Chawan.) So put `data:' back into the
loader process.
|
| |
|
|
|
|
|
|
|
| |
* xmlhttprequest: fix missing import
* painter: generic tuple workaround
* dynstream: merge module with implementations (so it will work with
vtables)
Not enabling vtables yet since it doesn't work with refc.
|
| | |
|
| |
|
|
|
| |
This fixes a bug where cloning buffers with images would crash the
browser.
|
| |
|
|
|
|
|
|
| |
The status code & headers are no longer guaranteed to be sent right
after res/outputId, so read them asynchronously instead.
(This is pretty much the same code as the buffer connection handler in
pager. Hopefully we can merge the two at some point.)
|
| |
|
|
|
|
|
|
| |
It seems registerHandle/unregister doesn't accept cint as handles. Not
sure why it even works on 64-bit targets... (maybe some converter
weirdness?)
Seems best to explicitly cast it away.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resize images with stb_image_resize
* use tee for output handle redirection (redirectToFile blocks)
* cache original image files
* accept lseek in sandbox
* misc stbi fixes
For now, I just pulled in stb_image_resize v1. v2 is an extra 150K in
size, not sure if it's worth the cost. (Either way, we can always switch
later if needed, since the API is almost the same.)
Next step: move sixel/kitty encoders to CGI, and cache their output in
memory instead of the intermediate RGBA representation.
|
| | |
|
| | |
|
| |
|
|
| |
we no longer crash on broken codecs. yay
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* multi-processed and sandboxed PNG decoding & encoding (through local
CGI)
* improved request body passing (including support for output id as
response body)
* simplified & faster blob()/text() - now every request starts
suspended, and OngoingData.buf has been replaced with loader's
buffering capability
* image caching: we no longer pull bitmaps from the container after
every single getLines call
Next steps: replace our bespoke PNG decoder with something more usable,
add other decoders, and make them stream.
|
| |
|
|
| |
Operation "modularize Chawan somewhat" part 3
|
| |
|
|
|
|
|
| |
* make Client an instance of Window (for less special casing)
* misc work on Request & fetch
* improve origin comparison (opaque origins of same URLs are now
considered the same)
|
| |
|
|
|
|
|
| |
* add $LOGNAME to the tmp directory name, so that tmpdirs of separate
users don't conflict
* use separate directory for sockets, so that we do not have to give
buffers access to all cached pages
|
| |
|
|
|
|
|
| |
* prefix to-be-separated modules with js
* remove dynstreams dependency
* untangle from EmptyPromise
* move typeptr into tojs
|
| |
|
|
|
|
| |
Instead of the error-prone method of selectively applying config values
only for non-initial requests, add a separate (privileged) loader
command which allows specifying a different client config.
|
| |
|
|
|
|
|
| |
Equivalent to curl --insecure.
Note: unfortunately this does not help if the server is using unsafe
legacy renegotiation, you have to allow that in the OpenSSL config.
|
| |
|
|
|
|
|
|
|
| |
* do not use std's parse*Int; they accept weird stuff that we do not
want to accept in any case
* fix bug in parseHost where a parseIpv4 failure would result in an
empty host
* do not use isDigit, isAlphaAscii
* improve parse*IntImpl error handling
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use libseccomp, which is now a semi-mandatory dependency on Linux.
(You can still build without it, but only if you pass a scary long flag
to make.)
For this to work I had to disable getTimezoneOffset, which would
otherwise call localtime_r which in turn reads in some files from
/usr/share/zoneinfo. To allow this we would have to give unrestricted
openat(2) access to buffer processes, which is unacceptable.
(Giving websites access to the local timezone is a fingerprinting vector
so if this ever gets fixed then it should be an opt-in config setting.)
This patch also includes misc fixes to buffer cloning, and fixes the
LIBEXECDIR override in the makefile so that it is actually useful.
|
| |
|
|
|
|
| |
* separate params with ; (semicolon) instead of , (colon)
* reduce screaming snake case use
* wrap long lines
|
| |
|
|
|
| |
GCC seems to generate something that strongly resembles a constant time
comparison, so I guess this should be good enough.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's the sandboxing system of FreeBSD. Quite pleasant to work with.
(Just trying to figure out the basics with this one before tackling the
abomination that is seccomp.)
Indeed, the only non-trivial part was getting newSelector to work with
Capsicum. Long story short it doesn't, so we use an ugly pointer cast +
assignment. But even that is stdlib's "fault", not Capsicum's.
This also gets rid of that ugly SocketPath global.
|
| |
|
|
|
|
|
|
|
|
| |
* fix mismatch between return value & read value that would either crash
or freeze the browser depending on its mood
* add an assertion to detect the above footgun
* fix some resource leaks
* fix iteration over a table that called a function which altered the
table in buffer's cancel()
* if user cancels before anything is loaded, destroy the container too
|
| |
|
|
| |
copy-paste error
|
| |
|
|
|
|
|
|
| |
This way they are no longer compatible, but we no longer need them to
be compatible anyway.
(This also forces us to throw out the old serialize module, and use
packet writers everywhere.)
|
| |
|
|
| |
analogous to bufwriter
|
| |
|
|
|
|
|
| |
So long as we have to live with siteconf, let's at least make it useful.
Also, rewrite the header overriding logic because while it did work,
it only did so accidentally.
|
| |
|
|
| |
no reason to do it separately in setupEnv
|
| |
|
|
| |
This way, we can use it everywhere (e.g. in mailcap).
|
| |
|
|
|
|
|
|
|
|
| |
Unsurprisingly enough, calling `write` a million times is never going to
be very fast.
BufferedWriter basically does the same thing as serialize.swrite did,
but queues up writes in batches before sending them.
TODO: give sread a similar treatment
|
| |
|
|
|
|
|
| |
As simple as it could be; no download panel yet.
Also, remove the xdg-open default mailcap entry; it's better to just
save by default.
|
| |
|
|
|
|
|
| |
Seems wise to flush before e.g. reading.
And unwise to enable buffering on tee() even though we disable it on
startRequest()
|
| | |
|
| |
|
|
|
|
|
|
| |
It was defined in the wrong module, and unnecessarily included
LoaderClientConfig.
Also, referrerPolicy was not being propagated to loader clients because
it was (incorrectly) in BufferConfig instead of LoaderClientConfig.
|