Commit Graph

136 Commits

Author SHA1 Message Date
Norman Feske
0eefe2d872 gems/vfs_font: improve glyph bb sanity check
Issue #5374
2024-11-20 08:58:39 +01:00
Norman Feske
ec1316e1cb gems/vfs_font: sanity-check glyph against font bb
When using the fonts_fs, the geometry of individual glyphs can change
potentially at any time, after having obtained font-global constraints
once. In particular, a glyph can exceed the bounding box of the font
cell. The VFS font utility must take safety precautions against such
violations.

Fixes #5374
2024-11-05 12:03:17 +01:00
Norman Feske
5b4e1915d8 framebuffer_session: accessors for buffer surfaces
This patch adds central and safe utilities for accessing the distinct
parts of the virtual framebuffer to relieve clients from pointer
calculations.

Issue #5351
2024-10-08 09:09:24 +02:00
Norman Feske
e738162bde framebuffer_session: alpha as Mode attribute
Propagate the want of an alpha channel as attribute of Framebuffer::Mode
instead of passing this property as a separate bool argument.

This clears the way for adding useful accessors for pixel/alpha/input
surfaces to the Mode type as a subsequent step.

Issue #5351
2024-10-08 09:09:23 +02:00
Norman Feske
6522158caa gems/gui_buffer.h: atomic back-to-front blitting
This patch updates menu_view, themed_decorator, and rom_osci to use the
new frame-buffer blit operation, mitigating tearing artifacts

Issue #5350
2024-10-08 09:09:23 +02:00
Norman Feske
b3ac8c5bd8 dialog: increase caps for sandboxed_runtime
With the reworked accounting of GUI-session resources, the default
of 100 caps for menu_view does not suffice.

Issue #5340
2024-10-08 09:09:23 +02:00
Norman Feske
f98c356efd gui_session: manage view ID at the client side
This patch moves the management of view IDs from the server to the
client side. The former 'create_view' and 'create_child_view'
operations do no longer return a view ID but take a view ID as
argument. While changing those operations, this patch takes the
opportunity to allow for initial view attributes. Combined, those
changes simplify the window manager while accommodating typical
client use cases with less code.

To ease the client-side ID management, the Gui::Connection hosts
a 'view_ids' ID space for optional use. E.g., the new 'Top_level_view'
class uses this ID space for ID allocation. This class accommodates the
most typical use case of opening a single window.

The 'alloc_view_id' RPC function is no longer needed.

Issue #5242
2024-08-27 15:29:38 +02:00
Norman Feske
24378ac873 gui_session: rename View_handle to View_id
The former Gui::Session::View_handle is not called Gui::View_id.

Issue #5242
2024-08-27 15:29:38 +02:00
Norman Feske
f274ed549e gui_session: distinguish view-stacking operations
This patch eliminates the use of invalid view handles as special
Session::Command arguments. The TO_FRONT and TO_BACK operations
interpreted as invalid neighbor as top-most or back-most position.
Those corner cases are now expressed via dedicated commands. The
new stacking commands are FRONT, BACK, FRONT_OF, and BEHIND_OF.

While changing the command interface, the patch removes the OP_
prefix from the opcode values.

Issue #5242
2024-08-27 15:29:38 +02:00
Norman Feske
b0803eabdb gui_session: simplify input/framebuffer aggregate
- Rename framebuffer_session to framebuffer and
  input_session to input as those RPC interfaces are no longer
  meant to be used as stand-alone sessions.

- Host Connection::input and Connection::framebuffer as public
  members, thereby removing the use of pointers. This simplifies
  the client-sized code. E.g., '_gui.input()->pending()' becomes
  '_gui.input.pending()'.

Issue #5242
2024-08-27 15:29:37 +02:00
Norman Feske
19c13877ca Replace use of 'typedef' by 'using'
Issue #5227
2024-07-02 12:00:11 +02:00
Norman Feske
7de2f57ef2 Remove Xml_node::attribute accessors
This patch removes the two 'Xml_node::attribute' accessors along with
the 'Nonexistent_attribute' exception.

Issue #5245
Fixes #5246
2024-06-20 12:56:19 +02:00
Norman Feske
a70354cb18 Remove gems/wrapped_gui_session.h
This utility is no longer used.
2024-06-20 12:54:30 +02:00
Norman Feske
c629c54153 Make util/geometry.h C++20 friendly
- Move header to base/include to make it applicable for base types
  like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
  common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
  area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
  replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.

Fixes #5239
2024-06-20 12:54:30 +02:00
Norman Feske
bb06d879aa os: make 'Genode::Color' C++20 friendly
This patch turns 'Color' from a class to a POD type by replacing
the constructors by the named create functions 'rgb', 'clamped_rgb',
and 'clamped_rgba'. It thereby enables the initialization of Color
values using { .r = ... } syntax and makes the type usable in const
expressions.

It also narrows the type for color components and alpha values to
uint8_t. So possible integer overflows of computed values are detected
by -Wconversion.

As 'Color::rgb(0, 0, 0)' is repeatedly used as a default value, the
patch adds the 'Color::black()' function.

Fixes #5238
2024-06-20 12:54:30 +02:00
Norman Feske
9ce7c72c7c dialog: use one menu_view for multiple dialogs
Issue #5170
2024-04-12 15:08:00 +02:00
Christian Prochaska
a1b5ebeb09 depot_query: add support for bin and dbg archives
Fixes #5110
2024-02-26 08:59:09 +01:00
Norman Feske
4a5632ab6d dialog: support view attribs in sandboxed_runtime
This patch mirrors the interface of Sculpt's distant_runtime to the
sandboxed_runtime variant, allowing the configuration of xpos, ypos,
min_width, min_height, opaque, and background color.

Issue #5008
2023-11-28 14:44:28 +01:00
Norman Feske
0f54ad8e26 dialog: add text-area widget
This patch moves the text-editing facility of app/text_area to a
text-area widget as part of the dialog library. This has two benefits.
First, it simplifies app/text_area by using the dialog API. Second, the
editor can now easily be reused by other dialog-API-based applications.

Fixes #5058
2023-11-28 14:44:28 +01:00
Norman Feske
e326371762 gems: make gems/dynamic_array.h publicly available
The 'Dynamic_array' utility is used by the text_area as internal
representation of text. As a prerequisite step of making the text
editing features generally available as a text-area widget, the
utility must become public.

Issue #5008
2023-11-28 14:24:26 +01:00
Norman Feske
40c0db2e8d dialog: add Sandboxed_runtime::View::if_hovered
Issue #5008
2023-11-28 14:24:26 +01:00
Norman Feske
9fae8a7532 dialog: support Sandboxed_runtime::Event_handler
This allows applications to get hold of the raw input events,
in particular keyboard input.

Issue #5008
2023-11-28 14:24:26 +01:00
Norman Feske
1490c58f8b dialog: Hosted::if_hovered method
This method allows for the inquiry of the current hovering state,
e.g., to suppress an update of the Wifi accesspoint list while
the list is hovered.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
fa6c7204cd dialog: allow custom 'Select_button' attributes
This is useful to conditionally set the style to "unimportant", or to
use text other than the widget Id::Value.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
133cbd272e dialog: make 'click()' const wherever possible
This eases the use of, e.g., 'Select_button' as temporary variable.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
ec60011852 dialog: let 'Scope::widget' take 'hosted' as const
This eases the use of temporary 'Hosted' objects. The 'view' code path
is not expected to modify any state.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
1aba8182a4 dialog: pass value to Select_button::click
This eliminates the need to distinguish enum values in the body of the
handler, easing the forwarding of the selected value.

Issue #5008
Issue #5053
2023-11-28 14:24:26 +01:00
Norman Feske
4fdc999087 Dialog API
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.

Issue #5008
2023-10-04 13:22:06 +02:00
Martin Stein
aeb65d6b1b file_vault: version 23.05
* ARM support and detaching from Ada/SPARK

  * Remove all CBE-related code - especially the Ada/SPARK-based CBE library.

    * We have no means or motivation of further maintaining big projects in
      Ada/SPARK (the core Genode team is native to C++).

    * The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
      important architecture for Genode. This would mean extra commitment in
      Ada/SPARK.

    * We realize that block encryption more and more becomes a fundamental
      feature of Genode systems.

  * Implement a new block encryption library named Tresor that is inspired by
    the design and feature set of the former CBE library and that is entirely
    C++ and part of the Genode gems repository.

    * The Tresor block encryption is backwards-compatible with the on-disk
      data layout of the former CBE block encryption.

    * Except from the snapshot management and the "dump" tool, the Tresor
      block encryption provides the same feature set as the former CBE block
      encryption and accepts the same user requests at the level of the
      Tresor library API.

    * So far, the Tresor block encryption does not support the creation of
      user-defined snapshots.

    * In contrast to the former CBE, the Tresor ecosystem has
      no "dump" tool beause with the CBE library it turned out to be rarely of
      use.

    * In contrast to the Block back-end of the CBE "init" tool, the Tresor
      "init" tool uses a File System back-end.

    * The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.

      * The Tresor-VFS plugin in general is similar to the former CBE VFS but
        has a slightly different API when it comes to re-keying and re-sizing.
        Each of these operations now is controlled via two files. The first
        file is named <operation> and the user writes the start command to it.
        The user must then read this file once in order to drive the operation.
        The read returns the result of the operation, once it is finished.
        The second file is named <operation>_progress and can be watched and
        read for obtaining the progress of the operation as percentage.

    * The file vault is adapted to use the new Tresor ecosystem
      instead of the former CBE ecosystem and thereby also gains ARM support.

    * The former CBE tester and CBE VFS-tests are replaced by equivalent
      Tresor variants and are now run on ARM as well (testing with a persistent
      storage back-end is supported only when running on Linux).

    * So far, the new Tresor block encryption has no internal cache for meta
      data blocks like the former CBE.

* Add config/report user interface

  * Add a second option for the administration front end to the file vault
    named "config and report". With this front end the File Vault communicates
    with the user via XML strings. A ROM session is requested for user input
    and a Report session for user output. The front end type must be set at
    startup via the component config and is a static setting. The graphical
    front end that was used up to now is named "menu view" and remains the
    default.

  * The File Vault can now reflect its internal state and user input ("config
    and report" mode only) at the LOG session via two new static config
    attributes "verbose_state" and "verbose_ui_config" (both defaulting to
    "no").

  * The Shutdown button in "menu view" mode is replaced with a Lock button. The
    new button doesn't terminate the File Vault but merely lock the encrypted
    container and return to a cleared passphrase input. The same transition is
    also provided in "config and report" mode.

  * The file_vault.run script is replaced with file_vault_menu_view.run and
    file_vault_cfg_report.run that address the two front end modes. In contrast
    to the former script, which is interactive, the latter script is suitable
    for automatic testing.

  * There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
    the same as file_vault_cfg_report.run but uses the File Vault package and
    can be executed with the Depot Autopilot. The new test package is added to
    the default test list of depot_autopilot.run

  * The File Vault README is updated to the new version of the component and
    has gained a chapter "functional description".

  * Fixes a regression with the cbe_init_trust_anchor component that prevented
    reacting to a failed unlock attempt in the File Vault.

* The new Tresor software Trust Anchor has an optional deterministic mode in
  which it replaces the normally randomized symmetric keys with 0. This mode
  comes in handy for debugging. However, it should never be activated in
  productive systems. When activated, the user is warned extensively on the
  LOG that this system mode is insecure.

Ref #4819
2023-05-30 12:03:32 +02:00
Norman Feske
b0e52ba7d4 util/misc_math.h: remove abs function
Fixes #4766
2023-02-27 08:22:49 +01:00
Norman Feske
bdf47785b8 vfs: remove 'file_size' from read/write interfaces
The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.

Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.

This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.

Issue #4706
2023-02-27 08:22:49 +01:00
Norman Feske
d26770eb40 gems/gui_buffer.h: grammar fix in comment 2023-02-27 08:22:47 +01:00
Norman Feske
677c8e828c depot_download,depot_query: support system images
This patch enhances the depot_download subsystem with support for
downloading and querying system images.

The installation ROM support the following two now download types:

  <image_index path="<user>/image/index"/>
  <image       path="<user>/image/<name>"/>

Internally, the depot-download subsystem employs the depot-query
component to determine the missing depot content. This component
accepts the following two new queries:

  <images      user="..."/>
  <image_index user="..."/>

If present in the query, depot_query generates reports labeled as
"images" and "image_index" respectively.

The also tracks the completion of each job depending on the depot-
query results, so that the final report contains a result for each
installation item requested. Prior this patch, the inactivity of the
depot-download manager (indicated by an empty state report) was
interpreted as success. But that prevents the proper association of
results and requested installation items.

Issue #4744
2023-02-27 08:22:47 +01:00
Norman Feske
7ada79b5ca Don't use deprecated Readonly_file::read variants
Issue #4745
2023-02-27 08:22:46 +01:00
Norman Feske
3447d0ccb9 menu_view: avoid flicker when enlarging the view
Each time when enlarging the menu view, a new 'Gui_buffer' is
constructed with the new size. At its contruction time, the default
reset background color is in effect, which is evaluated by
'reset_surface' as part of the construction. A custom reset color
takes effect only after the construction. Hence, when the Gui_buffer is
flushed to screen immediately at construction time, the gray default
becomes visible for a short time.

This patch changes the Gui_buffer to accept the reset background color
as construction argument so that it takes immediate effect.

Related to #4592
2023-02-27 08:22:46 +01:00
Norman Feske
74e6370187 cbe/vfs/trust_anchor_vfs.h: avoid 'Constructible' 2023-01-24 12:07:30 +01:00
Norman Feske
909c3571e3 vfs/cbe: Remove use of Io_response_handler
The patch also touches app/cbe_init because it depends on the
public cbe/vfs/trust_anchor_vfs.h header.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
9a2c03d2c6 vfs: remove Read_result::READ_ERR_INTERRUPT
The error condition was too vague and thereby remained unused in
practice.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
ba78cf72ae vfs: remove Read_result::READ_ERR_AGAIN
The condition is covered by READ_ERR_WOULD_BLOCK.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
cf87b0fadb vfs: simplify File_io_service::write return values
This patch removes the 'Insufficient_buffer' exception by returning the
WRITE_ERR_WOULD_BLOCK result value instead. It also eliminates the
superfluous WRITE_ERR_AGAIN and WRITE_ERR_INTERRUPT codes.

Issue #4697
2023-01-24 12:07:28 +01:00
Norman Feske
c0e303632e gems: fix clipping in polygon_gfx/line_painter.h
This clipping check happened to wrongly test the surface's clipping area
instead of the by 1x1 pixel reduced 'clip' rectangle.
2022-09-21 12:19:10 +02:00
Johannes Schlatow
7d143087c9 xml_node: change with_sub_node signature
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.

genodelabs/genode#4600
2022-09-19 14:00:33 +02:00
Norman Feske
2772abc8d7 menu_view: configurable alpha channel and bg color
This patch enhances menu_view with the optional configuration attributes
'opaque' and 'background'. Setting 'opaque' to "yes" suppresses the use
of the alpha channel at the GUI session. This improves the drawing
performance by 20% on the PinePhone. Since the menu_view uses the
gems/gui_buffer.h utility, the 'Gui_buffer' received a new 'Alpha'
argument at construction time.

The 'background' attribute can be specified to define the reset color of
the GUI buffer. It alleviates the need to create a frame widget for the
top level.

The patch also switches the optimization level for compiling menu_view
to -O3, which increases the drawing performance on the PinePhone by 30%.

Fixes #4592
2022-08-31 09:32:09 +02:00
Johannes Schlatow
ef742001e8 trace_recorder: implementation
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Johannes Schlatow
758ba3855e trace: add types for trace_recorder policies
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Johannes Schlatow
062881a484 trace: add types for ctf tracing
genodelabs/genode#4352
2022-08-17 12:03:26 +02:00
Piotr Tworek
05e4993d2e gems: Avoid flexible array member in Cached_font.
Switch the code to 0 lengh array instead. The code in
Lru_cache::element_size calls sizeof on this structure. This works in
gcc, but fails when using clang. Even for GCC however the documentation
states:

  "Flexible array members have incomplete type, and so the sizeof operator
   may not be applied. As a quirk of the original implementation of
   zero-length arrays, sizeof evaluates to zero."

Basically its an implementation quirk that clang does not support. Both
GCC and clang do support zero sized arrays however so using them here
allows both compilers to process this code.

Ref: https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html

Issue #4421
2022-02-15 10:23:58 +01:00
Norman Feske
62b4871c5c Remove gems/magic_ring_buffer.h
Since its introduction four years ago, the utility remained
largely unused.

Fixes #4403
2022-02-15 10:17:28 +01:00
Norman Feske
8a1675e12e gems: avoid implicit conversions
Issue #23
2021-12-17 15:04:46 +01:00
Norman Feske
dc39a8db62 base: introduce Allocator::try_alloc
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.

To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.

Issue #4324
2021-11-29 15:11:52 +01:00