Kevin Day [Wed, 23 Feb 2022 04:04:15 +0000 (22:04 -0600)]
Update: IKI Improvements and some cleanups.
The _di_X_t_ where "X" is something like f_fss_object, is missing the leading "f_" in several cases.
Make the *_increase() step variable an f_array_length_t.
Rather than trying to optimize, just guarantee whatever step size is desired is available.
Move the iki_read programs practice of defining an iki_data_t structure into the level_0 iki project.
This then allows simplifying the arguments passed to the iki read functions.
Kevin Day [Mon, 21 Feb 2022 01:52:21 +0000 (19:52 -0600)]
Update: Controller and control.
Fix bug in control where parameter should be "settings" and not "socket".
The controller can now detect the current path and provide a canonical relative path only for paths whose actual canonical path is within the current working directory that the controller program started in.
Fix printing of the help in the controller program (missing slashes).
Don't create socket and pid files when running validate and simulate.
When running simulate, still create the pid and socket files as appropriate.
Add new entry setting to allow explicitly setting the pid file path.
Remove no longer necessary functions that ensure terminating NULL.
The recent changes in the string functions now guarantee this.
Remove a lot of todo comments.
I will either get to them or not.
I plan on getting to writing IKI support.
It needs to happen and I can use the Fake program as an example.
Kevin Day [Sun, 20 Feb 2022 06:48:32 +0000 (00:48 -0600)]
Update: Make sure constant pointers that are intended to be read-only are just that.
I often read "const char *name" as a constant pointer.
This is strictly incorrect.
This actual means that this is a pointer to a constant character.
Mass change the pointers to constants that are intended to be themselves constant.
This is changed via a regex and test to compile and run.
I'm not sure if there are any problems with this change but everything seems fine.
This new code looks more awkward but is strictly correct.
Now "const char * const name" represents a constant pointer to a constant string.
This makes the parameter a constant and still allows for the pointer to point to a constant variable.
Kevin Day [Sun, 20 Feb 2022 00:36:52 +0000 (18:36 -0600)]
Progress: Continue mass converting to f_string_static_t and use const more.
In particular this separates the fl_conversion functions into two forms:
1) That accepts only the f_string_static_t and uses dynamic.used as the length.
2) That accepts both f_string_static_t and f_string_range_t and uses the range to determine the length.
This makes the conversion functions more consistent with the rest of the project's practices.
Kevin Day [Sat, 19 Feb 2022 13:45:44 +0000 (07:45 -0600)]
Update: Fakefile inner Objects should load the last Object from settings Section.
Use the last found Object for each name for Objects that support only a single value.
That is to say if there is:
load_build yes
load_build maybe
load_build no
Then the last load (whose value is "no") will be used.
No warnings will be thrown.
Objects that support multiple values will continue to append Content for each Object as they are found.
This does not change the "settings" and "main" Objects to match this behavior.
Those will remain as first specified is the first and only one processed and used.
This makes the behavior with the fakefile more consistent with the build settings.
Kevin Day [Sat, 19 Feb 2022 04:49:48 +0000 (22:49 -0600)]
Feature: Enable support for modes on (almost) all Fake build settings Objects.
The only ones that are now not supposed to support this are the "modes" and "modes_default" Objects.
It should now be possible to build against clang with a command like the following:
fake clean build -m monolithic -m clang
This is possible because of the "build_compiler-clang clang" and similar settings added to the build settings file in addition to the functionality added by this commit.
Kevin Day [Sat, 19 Feb 2022 02:10:16 +0000 (20:10 -0600)]
Security: Invalid reads, always add NULL for compatibility.
After switching from f_string_t to f_string_static_t, the NULL terminated string problem has become apparent.
If at any point in time these strings are passed to a standard function that expects NULL terminated strings, then an invalid read (or write) can occur.
Manually appending a NULL termination every time its needed has made the code messier than I would like.
This commit changes the behavior to instead always append a NULL termination after the string.used when appending strings.
I accept the additional resource cost of 1-byte per string to guarantee this.
This should make the program more easily more secure by catering to the NULL terminated string code out there.
This project still doesn't need the or care about NULL termination for most (but not all) of its functions.
Kevin Day [Fri, 18 Feb 2022 04:11:06 +0000 (22:11 -0600)]
Security: Executed program string is not NULL terminated.
While the FLL code doesn't need NULL termination, the C/POSIX execute functions are.
The lack of a NULL terminated results in an invalid read on execute.
Kevin Day [Thu, 17 Feb 2022 03:05:06 +0000 (21:05 -0600)]
Update: Console improvements with related security fix.
Add f_console_environment_process() to process environment variable data passed via main().
Add appropriate testing.
Setup all level 3 (programs) to have the environment data (envp).
The level 3 currently do not utilize this.
While looking at the tests, I realized that I noticed that I did not fully verify the sanity of the passed argc, argv, and now envp.
This is a security issue in that invalid data (argc could be wrong, argv could be NULL, etc..) could result in an invalid read.
Update the f_console_parameter_process() to verify the argc and argv data (f_console_parameter_process() doesn't utilize envp).
Improve tests to catch these potential problems.
Return F_data_not (without error bit) to represent that there is no argc, argv is NULL, or when argv[0] is NULL.
Change the previous F_data_not return to instead return F_complete_not (without error bit) to represent that all of the expected values were not found.
Update functions to use "const" after the asterisk representing the parameter pointer.
Kevin Day [Wed, 16 Feb 2022 05:37:15 +0000 (23:37 -0600)]
Refactor: Switch to a more directory based source file structure.
Mass change all of the code to further utilize directories.
The project has gotten big enough for this to matter.
The stable API should have a relatively clean directory structure.
Kevin Day [Tue, 15 Feb 2022 06:47:20 +0000 (00:47 -0600)]
Update: The build setting path_sources is not being properly used and improve skeleton process.
Resolve the fixme regarding the path_sources_object and similar.
Consolidate the static source build into functions.
The fake_build_setting_name_preserve_path_headers_s is in the wrong location, resulting in the incorrect loading of build settings data.
Provide default for path_sources.
Make the main->path_sources a prefix path where all sources exist (there will likely need to be a follow up commit to address this in bootstrap.sh).
Get rid of the path_source_* forr bash, c, and other custom paths.
Get rid of the redundant version default assignment in fake_build_load_setting_defaults().
Rename fake_build_load_setting_defaults() to fake_build_load_setting_override().
Kevin Day [Tue, 15 Feb 2022 03:24:44 +0000 (21:24 -0600)]
Refactor: Remove "_type" from f_type_array functions.
The f_type_array project is really just an exception case extension of f_type.
It's purpose is to provide the array functions for the associated array structures in f_type.
These cannot be stored in f_type due to circular dependency needs for the f_memory project.
I used f_type_* to prefix these functions but the inconsistency between the structure names has shown to be a problem.
Rename these functions to not have the "_type" within them.
Kevin Day [Mon, 14 Feb 2022 05:34:15 +0000 (23:34 -0600)]
Refactor: path_standard to has_path_standard.
Just like with the preserve_path_headers, change path_standard to has_path_standard.
This hopefully makes the terminology easier to understand by maintaining that all path_* Objects represent paths.
The commit changing path_headers_preserve to preserve_path_headers could have made more changes.
Further update preserve_path_headers to handle what was missed.
Kevin Day [Mon, 14 Feb 2022 04:58:26 +0000 (22:58 -0600)]
Regression: The path_headers_preserve isn't properly being processed and refactor it to preserve_path_headers.
It seems that I changed the path_sources.used to path_headers.used, probably thinking that I had previously made a mistake.
Rename the preserve to preserve_offset to make the intent and purpose more obvious.
The preserve_offset represents and offset to skip before performing the preserve.
The path_sources is the path that should be ignored (path_headers is not used here!).
Refactor path_headers_preserve to preserve_path_headers to make it clearer that this is not a path but instead a property related to a path.
Kevin Day [Mon, 14 Feb 2022 04:04:15 +0000 (22:04 -0600)]
Feature: Fake build settings now supports compiling only object files.
I've observed that many programs like to compile each source file separately by passing "-c" to GCC.
Then the linking is done separately.
I believe unit tests may benefit from compiling individual object files for cases when mocking needs to be performed only for select functions.
With an upcoming stable release planned, I felt that now is the time to get this in.
Due to limitations of the compilers, only a single object file may be generated at a time.
Multiple generated object files may be combined into either a library or a program.
Object file generation is shared vs static aware.
Custom defines and flags may be specified for building objects.
It is now possible to compile different objects files for the generated library and for the generated program.
These are improvements to the build settings build process.
The make build process is still available for more advanced compiling.
An example project, called "example-objects", is provided to demostrate how to utilize the build settings and a fakefile to compile multiple objects separately and then combine them into a single program.
Additional fixes and improvement were necessary to properly complete this feature.
Summary of additional fixes and improvements:
- Improve default handling behavior in both fake and bootstrap.sh.
- Provide more defaults, such as having "compiler" default to "gcc".
- Massive cleanup of the bootstrap.sh (bootstrap.sh is now much closer to matching the functionality of the fake build settings).
- Update documentation.
- Add an error message for when an unknown build mode is passed to the boostrap-example.sh script.
- Fix bug in f_path_directory_cleanup() where the termnating NULL is being included in the count.
Kevin Day [Sat, 12 Feb 2022 00:25:16 +0000 (18:25 -0600)]
Refactor: project_name t build_name.
Originally the build settings files are meant for projects.
I now believe that these should represent "builds".
Replace "project_name" with "build_name".
Kevin Day [Fri, 11 Feb 2022 04:32:22 +0000 (22:32 -0600)]
Progress: Continue mass converting to f_string_static_t.
This should get all of the programs compiling again.
There is still more work to do with switching to f_string_static_t, but the current pass is considered complete.
Another pass will follow up shortly.
Kevin Day [Fri, 11 Feb 2022 00:14:01 +0000 (18:14 -0600)]
Refactor: fl_console_parameter_to_string_dynamic_directory() to f_path_directory_cleanup().
I decided to improve the mentioned function and realized that it could be further generalized and move into the f_path project.
There is nothing else in fl_console and as such the fl_console project is entirely removed.
Kevin Day [Thu, 10 Feb 2022 03:45:28 +0000 (21:45 -0600)]
Bugfix: The prepend option is being incorrectly applied.
This is a bug that results from a naming context conflict where the "prepend" string must be "appended" to the buffer.
The f_string_dynamic_append() should be called instead of f_string_dynamic_prepend().
Kevin Day [Wed, 9 Feb 2022 04:53:22 +0000 (22:53 -0600)]
Progress: Continue mass converting to f_string_static_t.
Some of the append functions use *_adjust() functions and are now using *_resize() functions.
The f_string_dynamicss_t and similar structures are added.
This is done hastily with the expectation that I will get to writing unit tests eventually and will better review this code.
Kevin Day [Wed, 9 Feb 2022 04:49:03 +0000 (22:49 -0600)]
Security: Invalid read in private_f_print().
The variable "i" is incremented inside the loop without checking that i < length.
This potentially results in an invalid read (such as when the string is not NULL terminated after the designated length).
Kevin Day [Tue, 8 Feb 2022 05:39:57 +0000 (23:39 -0600)]
Bugfix: Bugs and regressions in recent "Progress:.." commits as well as in the Fake program.
This is in a way a continuation of the "Progress: Continue mass converting to f_string_static_t." commits.
However, there were some notable bugs that needed to be brought out and I feel they deserved to be treated as a bug rather than in-progress code changes.
Put the testfile context in a quote and fix the color context to perform the reset rather than leak red all over the console.
NULL terminate some f_environment functions to make compatibility with working with NULL terminated string functions more straight-forward.
This is noticed with the libc/POSIX execute family of functions.
The fl_console_parameter_to_string_dynamic_directory() needed to be converted in regards to the mass converting to f_string_static_t.
Make sure NULL termination is performed, which is previously may not have been (prior to transition to f_string_static_t, making this a bug).
I accidentally over-fixed "c1906053 Bugfix: File stream read inefficiency, allocation f_string_t instead of char, and actually use state.step_small.".
There is a case where the array is in fact an array of f_string_t and I incorrectly changed it to "char", resulting in a regression.
Have the fll_fss_snatch_apart() use *_increase_by() and similar functions rather than *_resize().
The *_resize() functions are more expensive in that the *_increase_by() only perform reallocations when necessary whereas the *_resize() almost always performs reallocations.
Make sure fll_fss_snatch_apart() calls f_string_dynamic_terminate_after().
I started to convert some of the macro delete functions in the Fake program to actual functions, but this process is very incomplete.
Add a couple of cache objects to th Fake program.
There are a lot of areas where caching can be used for increasing memory use efficiency, but much of this is ignore for now.
I hope to do more work in more completely utilizing caches in the Fake program before the upcoming stable release.
The Fake program needs to use the fake_default_allocation_small_d more consistently rather than F_memory_default_allocation_small_d.
Miscellaneous "Progress: Continue mass converting to f_string_static_t." related changes in the Fake program.
Some of these are just f_print_format() string fixes where '%S' is changed to '%Q' or '%r'.
The fake_make_operate_process_run() can be optimized to just perform an offset on the array rather than making an entirely new copy.
This should save a notable amount of memory.
Kevin Day [Mon, 7 Feb 2022 03:03:52 +0000 (21:03 -0600)]
Bugfix: File stream read inefficiency, allocation f_string_t instead of char, and actually use state.step_small.
The file stream reader requires the buffer to be pre-allocated.
Prevent the resize from resizing an extra time if the resulting size read is smaller than the requested size.
The caller can then optimize this by setting the read size to 1 digit larger than the actual file size.
Also switch to fread_unlocked() and handle the locks manually.
The strings are being allocated as f_string_t.
The f_string_t type definition is actually a "char *".
This is the size of a memory address (and could be as large as 64-bit type on 64-bit architectures).
This is a huge mistake because this should only be using size of char, which is 1.
I provided a state.step_large and state.step_small to the FSS functions as a quick solution for more control over memory management.
It turns out this is not being used and for very large files this can be very wasteful.
In the long term, I believe a better fix is needed where the files are pre-processed to determine the objects and contents.
Then, the structures can be allocated with a known size.
The reason for this is that it seems that memory resizes are significantly more expensive than processing an arbitrarily large string.
Increasing the cost of processing that string from one time to two times is likely worth the cost to save time and resources lost due to memory re-allocations.
Kevin Day [Sun, 6 Feb 2022 17:13:06 +0000 (11:13 -0600)]
Progress: Continue mass converting to f_string_static_t.
I've noticed several things that need cleaning and improvement, such as:
- I should make an f_string_dynamic_partial_rip() and have f_string_dynamic_rip() be consistent with other functions lie f_string_dynamic_append().
- iki_read is a bit sloppy in memory, I need to figure out why (and I imagine other are too).
- I've started clearing out old uses of object and content but I am concerned that I overdid the cleanup (I need to re-check some of this in the FSS programs).
There will most definitely need to be another cleanup pass on all of the programs focusing on cleaning up and improving the programs before I make my stable releases.
For now, I am ignoring those problems so I can better focus on f_string_static_t conversions.
Once the programs are updated with the current set of f_string_static_t, I still need to go through all of the remaining level_2 and lower functions to convert many of the functions still using f_string_t that should now be f_string_static_t.
Kevin Day [Sun, 6 Feb 2022 00:57:37 +0000 (18:57 -0600)]
Progress: Continue mass converting to f_string_static_t.
Of particular note are:
- Implementation of fll_program_data_t to provide a standard structure for basic use.
- f_color deallocation function with appropriate unit tests.
Kevin Day [Mon, 31 Jan 2022 04:40:58 +0000 (22:40 -0600)]
Progress: Continue mass converting to f_string_static_t.
The console program has been changed to populate an argv as a f_string_static_t.
This avoids having to run strlen() and strnlen() everywhere for console parameter processing.
The program that processes the parameters already does this, so save the values in an f_string_static_t.
Kevin Day [Fri, 28 Jan 2022 02:05:50 +0000 (20:05 -0600)]
Progress: Begin mass converting to f_string_static_t.
While working on the control and controller programs I realized that I should move from f_string_t to f_string_static_t.
This is a major change but it must be done before the API freeze for the stable release.
A long time ago, early in the design process of FLL, I considered using f_string_static_t (which was only f_string_dynamic_t at that time).
I had decided for simplicity and stuck with f_string_t.
In practice I have found that I was doing a lot of working creating f_string_static_t only to do more work to move it back to f_string_t.
This is an overall simplification of the project at the cost of some resources and some flexibility.
I've only just begun but I am already seeing what I believe to be is simpler code.
The biggest gotcha will be this will likely introduce bugs due to the sheer size of the changes.
The primary bug that will not be easily detected are the formatted print where '%s' needs to now become '%q' and '%S' needs to now become '%Q'.
There are also numerous potential optimizations that I am ignoring for now due to the size of this commit.
This work is by far not done and I expect all programs to fail.
I only tested compiling fake and I got it as far as running the help program.
Kevin Day [Wed, 26 Jan 2022 03:26:26 +0000 (21:26 -0600)]
Update: Add f_conversion unit tests.
There are far more permutations than what are handled within this commit.
Focus on only the most basic set of checks to write the unit tests for.
There are problems with mocking fwrite_unlocked() via the wrap strategy used by the linker.
I do not know why this is not working so I commented out the code and moved on.
Several problems are exposed and are solved.
- This exposed the fwrite_unlocked() return results problems.
- Add support for big endian (untested).
- Zero values are not correctly built (see below).
Make sure to count the zero number as a single digit.
Get rid of the "used" count and rely only on the digits.
Do not include the 0 digit when determining the padding.
Change the prefix append function to accommodate 0 and consistently call the prefix append function.
Kevin Day [Mon, 24 Jan 2022 01:33:55 +0000 (19:33 -0600)]
Update: Fix incorrect documentation and remove pointless code.
The documentation for some functions do not accurately reflect what the documentation does.
This is likely a copy and paste over sight.
The f_string_dynamic_resize() is adding one to destination->used.
It then updates the used to be that new number minus one.
This is pointless.
Don't bother with the "total" variable at all.
Also use the F_memory_default_allocation_small_d by rather than 1 when resizing.
Kevin Day [Wed, 19 Jan 2022 00:37:32 +0000 (18:37 -0600)]
Update: Use libc functions more in f_color.
The f_string_dynamic_increase_by() guarantees the size is allocated.
The f_string_dynamic_append() doesn't need to be called when the simple memcpy() can be directly called.
Doing this saves the status check and the additional function calls.
This likely increases performance but this performance increase potential has neither been tested nor confirmed.
Kevin Day [Mon, 17 Jan 2022 17:44:14 +0000 (11:44 -0600)]
Bugfix: The f_console project after writing unit tests.
Rename has_values to values_total to better communicate the intent of the property.
Expand out the macros across lines.
In f_console_identify() the strnlen() function is not properly handling when the character pointer is NULL, resulting in a segfault.
While this might be considered a bug in strnlen(), just make sure that a NULL pointer is not sent to strnlen().
Kevin Day [Mon, 17 Jan 2022 05:28:08 +0000 (23:28 -0600)]
Cleanup: Add back the two spaces before the "-" in the comments.
When in the comments with the " * " at the start, the behavior of not having the extra space seems fine.
When looking at the documentation and specification FSS files, I find that it is easier to read with the extra spaces.
I have decided to switch back and follow what I am doing in the documentation and specification FSS files.
This makes the style more consistent.
Kevin Day [Mon, 17 Jan 2022 03:01:44 +0000 (21:01 -0600)]
Update: Rewrite f_color functions and use f_string_static_t instead of f_string_t for global constant strings.
Switch to using the f_string_static_t so that the size does not have to be constantly tested via an strnlen() or similar call.
The f_string_static_t by default uses 64-bit types for size and used so there may be a performance hit due to this over the normal 32-bit numbers in strnlen().
Originally macros were used to reduce code repition.
This was done long before I decided to make f_string an exception that can be depended on by all level 0 projects.
The dynamic string functions can now be used, significantly simplifying the code.
The macros can be replaced with functions 1 through 5 to allow for only passing the required arguments.
This should reduce the cost of the function call by having fewer arguments when not necessary to have them.
The documentation comments are now present when they were not before.
Change the order of the function parameters to be more consistent with the latest practices.
Kevin Day [Sun, 16 Jan 2022 22:52:25 +0000 (16:52 -0600)]
Cleanup: Add additional initializer for f_string_static_t to allow initializing all parts.
Another acceptable practice is to set the used to some value greater than zero and size to zero to better designate that this is a static string and is not dynamically allocated.
Kevin Day [Sun, 16 Jan 2022 21:15:09 +0000 (15:15 -0600)]
Cleanup: Rename f_account functions in attempt to be easier to read.
I originally tried to group the logic by "name" and "id".
This becomes confusing when there is "group name" and "user name" or "group id" and "user id".
The function name with the structure "f_account_id_group_by_name" is intended to be understood as get id of group by name for account.
However, because account is in front (part of f_account) it could be easily misread as get account id by name with some spurious "group" injected.
This is clearly a bad interpretation but that interpretation is easy to think of.
Drop "user" because "account" and "user" should be synonymous.
Move "group" to the left in all cases to designate that this is about "group" associated with account.
Now f_account_group_id_by_name sounds more like get id of group by name for account.