- 18 Jun, 2019 1 commit
-
-
Kenton Varda authored
Consider a capnp streaming type that wraps a kj::AsyncOutputStream. KJ streams require the caller to avoid doing multiple writes at once. Capnp streaming conveniently guarantees only one streaming call will be delivered at a time. This is great because it means the app does not have to do its own queuing of writes. However, the app may want to use a CapabilityServerSet to unwrap the capability and get at the underlying KJ stream to optimize by writing to it directly. However, before it can issue a direct write, it has to wait for all RPC writes to complete. These RPC writes were probably issued by the same caller, before it realized it was talking to a local cap. Unfortunately, it can't just wait for those calls it issued to complete, because streaming flow control may have made them appear to complete long ago, when they're actually still in the server's queue. How does the app make sure that the directly-issued writes don't overlap with RPC writes? We can solve this by making CapabilityServerSet::getLocalServer() delay until all in-flight stream calls are complete before unwrapping. Now, the app can simply make sure that any requests it issued over RPC in the past completed before it starts issuing direct requests.
-
- 25 Aug, 2018 1 commit
-
-
Kenton Varda authored
-
- 18 Aug, 2018 1 commit
-
-
Kenton Varda authored
-
- 12 Aug, 2018 1 commit
-
-
Kenton Varda authored
-
- 30 Jun, 2018 1 commit
-
-
Nils Fenner authored
-
- 28 Dec, 2017 1 commit
-
-
Kenton Varda authored
-
- 23 Oct, 2017 1 commit
-
-
Kenton Varda authored
-
- 12 Oct, 2017 1 commit
-
-
Edward Catmur authored
It is invalid to pass null as a pointer argument to memcpy/memcmp/memset, even if the count argument is zero: > Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values [...] Detected by -fsanitize=nonnull-attribute.
-
- 03 Sep, 2017 1 commit
-
-
David Renshaw authored
-
- 18 Jul, 2017 1 commit
-
-
Edward Catmur authored
-
- 07 Jul, 2017 1 commit
-
-
Edward Catmur authored
[ 66%] Linking CXX executable capnpc-c++ cd /home/edward.catmur/build/capnproto@master/c++/src/capnp && /usr/local/bin/cmake -E cmake_link_script CMakeFiles/capnpc_cpp.dir/link.txt --verbose=1 /usr/lib64/icecc/bin/c++ -fsanitize=vptr CMakeFiles/capnpc_cpp.dir/compiler/capnpc-c++.c++.o -o capnpc-c++ -rdynamic libcapnp.a ../kj/libkj.a -lpthread libcapnp.a(layout.c++.o):(.data+0x38): undefined reference to `typeinfo for capnp::ClientHook' libcapnp.a(layout.c++.o):(.data+0x3b8): undefined reference to `typeinfo for capnp::ClientHook' collect2: error: ld returned 1 exit status $ g++ --version g++ (GCC) 5.4.0 Copyright (C) 2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
- 26 Apr, 2017 1 commit
-
-
Kenton Varda authored
-
- 24 Apr, 2017 1 commit
-
-
David Renshaw authored
-
- 21 Apr, 2017 1 commit
-
-
Kenton Varda authored
-
- 20 Apr, 2017 2 commits
-
-
David Renshaw authored
-
David Renshaw authored
-
- 19 Apr, 2017 2 commits
-
-
David Renshaw authored
-
David Renshaw authored
-
- 16 Apr, 2017 1 commit
-
-
Kenton Varda authored
Refactor bounds checks to avoid ever creating out-of-bounds pointer values, which is technically UB even if not dereferenced.
-
- 11 Apr, 2017 1 commit
-
-
Kenton Varda authored
This eliminates a TODO(soon).
-
- 07 Apr, 2017 2 commits
-
-
Kenton Varda authored
-
Kenton Varda authored
This includes making builders a little more tolerant of corrupt data. Note that our threat model generally does not expect this tolerance -- we expect that builders always contain either structures created locally or copied in from a reader, which does a certain amount of validation in itself.
-
- 30 Mar, 2017 4 commits
-
-
Kenton Varda authored
-
Kenton Varda authored
-
Kenton Varda authored
-
Kenton Varda authored
TODO: - Rename Guarded to Bounded? - Consider bounded array (where size and indexes are bounded quantities). - Implement non-CAPNP_DEBUG_TYPES fallback. - Don't allow casting kj::maxValue to bounded type, this won't work right when not using debug types! - Verify that this change doesn't hurt performance.
-
- 27 Mar, 2017 1 commit
-
-
Kenton Varda authored
-
- 24 Mar, 2017 1 commit
-
-
Kenton Varda authored
See: https://capnproto.org/news/2015-03-02-security-advisory-and-integer-overflow-protection.html This commit as-is is the result of wading through two years of merge conflicts. It does not build as-is because new code added in that time hasn't been converted over.
-
- 19 Mar, 2017 1 commit
-
-
Kenton Varda authored
-
- 11 Mar, 2017 1 commit
-
-
David Renshaw authored
-
- 10 Mar, 2017 1 commit
-
-
David Renshaw authored
-
- 09 Mar, 2017 2 commits
-
-
David Renshaw authored
-
David Renshaw authored
-
- 08 Mar, 2017 2 commits
-
-
David Renshaw authored
-
David Renshaw authored
-
- 07 Mar, 2017 2 commits
-
-
David Renshaw authored
-
David Renshaw authored
-
- 27 Feb, 2017 2 commits
-
-
David Renshaw authored
-
David Renshaw authored
-
- 26 Feb, 2017 1 commit
-
-
David Renshaw authored
The existing error message suggests this case can only arise if there is a a bug in the library. However, malformed input can trigger the error too. In particular, the error gets thrown when a non-double far pointer resolves to another far pointer.
-