2019-05-24 18:27:18 -04:00
const std = @import ( " std.zig " ) ;
2021-10-04 23:47:27 -07:00
const builtin = @import ( " builtin " ) ;
2019-05-26 23:35:26 -04:00
const fs = std . fs ;
2019-05-24 18:27:18 -04:00
const mem = std . mem ;
2019-05-26 13:17:34 -04:00
const math = std . math ;
2019-05-24 18:27:18 -04:00
const Allocator = mem . Allocator ;
const assert = std . debug . assert ;
const testing = std . testing ;
2024-03-18 22:39:59 -07:00
const native_os = builtin . os . tag ;
const posix = std . posix ;
const windows = std . os . windows ;
2024-05-23 11:25:41 -07:00
const unicode = std . unicode ;
2019-05-24 18:27:18 -04:00
2024-05-23 11:25:41 -07:00
pub const Child = @import ( " process/Child.zig " ) ;
2024-03-18 22:39:59 -07:00
pub const abort = posix . abort ;
pub const exit = posix . exit ;
pub const changeCurDir = posix . chdir ;
2025-01-17 00:22:13 -06:00
pub const changeCurDirZ = posix . chdirZ ;
2024-03-18 22:39:59 -07:00
pub const GetCwdError = posix . GetCwdError ;
2019-05-24 18:27:18 -04:00
2019-05-26 23:35:26 -04:00
/// The result is a slice of `out_buffer`, from index `0`.
2025-10-10 17:18:34 +00:00
/// On Windows, the result is encoded as [WTF-8](https://wtf-8.codeberg.page/).
2024-02-13 16:56:50 -08:00
/// On other platforms, the result is an opaque sequence of bytes with no particular encoding.
2025-11-19 04:09:54 -08:00
pub fn getCwd ( out_buffer : [ ] u8 ) GetCwdError ! [ ] u8 {
2024-03-18 22:39:59 -07:00
return posix . getcwd ( out_buffer ) ;
2019-05-26 23:35:26 -04:00
}
2025-11-19 04:09:54 -08:00
// Same as GetCwdError, minus error.NameTooLong + Allocator.Error
pub const GetCwdAllocError = Allocator . Error || error { CurrentWorkingDirectoryUnlinked } || posix . UnexpectedError ;
2024-03-18 22:39:59 -07:00
2019-05-26 23:35:26 -04:00
/// Caller must free the returned memory.
2025-10-10 17:18:34 +00:00
/// On Windows, the result is encoded as [WTF-8](https://wtf-8.codeberg.page/).
2024-02-13 16:56:50 -08:00
/// On other platforms, the result is an opaque sequence of bytes with no particular encoding.
2025-11-19 04:09:54 -08:00
pub fn getCwdAlloc ( allocator : Allocator ) GetCwdAllocError ! [ ] u8 {
2024-05-02 20:20:41 -07:00
// The use of max_path_bytes here is just a heuristic: most paths will fit
2020-03-28 00:12:40 -05:00
// in stack_buf, avoiding an extra allocation in the common case.
2024-05-02 20:20:41 -07:00
var stack_buf : [ fs . max_path_bytes ] u8 = undefined ;
2020-03-28 00:12:40 -05:00
var heap_buf : ? [ ] u8 = null ;
defer if ( heap_buf ) | buf | allocator . free ( buf ) ;
var current_buf : [ ] u8 = & stack_buf ;
while ( true ) {
2024-03-18 22:39:59 -07:00
if ( posix . getcwd ( current_buf ) ) | slice | {
2020-07-04 13:44:28 +02:00
return allocator . dupe ( u8 , slice ) ;
2020-05-29 16:39:47 -04:00
} else | err | switch ( err ) {
2020-03-28 00:12:40 -05:00
error . NameTooLong = > {
// The path is too long to fit in stack_buf. Allocate geometrically
// increasing buffers until we find one that works
const new_capacity = current_buf . len * 2 ;
if ( heap_buf ) | buf | allocator . free ( buf ) ;
current_buf = try allocator . alloc ( u8 , new_capacity ) ;
heap_buf = current_buf ;
} ,
2020-05-29 16:39:47 -04:00
else = > | e | return e ,
2020-03-28 00:12:40 -05:00
}
}
2019-05-26 23:35:26 -04:00
}
2023-10-06 21:29:08 -07:00
test getCwdAlloc {
2024-03-18 22:39:59 -07:00
if ( native_os == . wasi ) return error . SkipZigTest ;
Add/fix missing WASI functionality to pass libstd tests
This rather large commit adds/fixes missing WASI functionality
in `libstd` needed to pass the `libstd` tests. As such, now by
default tests targeting `wasm32-wasi` target are enabled in
`test/tests.zig` module. However, they can be disabled by passing
the `-Dskip-wasi=true` flag when invoking the `zig build test`
command. When the flag is set to `false`, i.e., when WASI tests are
included, `wasmtime` with `--dir=.` is used as the default testing
command.
Since the majority of `libstd` tests were relying on `fs.cwd()`
call to get current working directory handle wrapped in `Dir`
struct, in order to make the tests WASI-friendly, `fs.cwd()`
call was replaced with `testing.getTestDir()` function which
resolved to either `fs.cwd()` for non-WASI targets, or tries to
fetch the preopen list from the WASI runtime and extract a
preopen for '.' path.
The summary of changes introduced by this commit:
* implement `Dir.makeDir` and `Dir.openDir` targeting WASI
* implement `Dir.deleteFile` and `Dir.deleteDir` targeting WASI
* fix `os.close` and map errors in `unlinkat`
* move WASI-specific `mkdirat` and `unlinkat` from `std.fs.wasi`
to `std.os` module
* implement `lseek_{SET, CUR, END}` targeting WASI
* implement `futimens` targeting WASI
* implement `ftruncate` targeting WASI
* implement `readv`, `writev`, `pread{v}`, `pwrite{v}` targeting WASI
* make sure ANSI escape codes are _not_ used in stderr or stdout
in WASI, as WASI always sanitizes stderr, and sanitizes stdout if
fd is a TTY
* fix specifying WASI rights when opening/creating files/dirs
* tweak `AtomicFile` to be WASI-compatible
* implement `os.renameatWasi` for WASI-compliant `os.renameat` function
* implement sleep() targeting WASI
* fix `process.getEnvMap` targeting WASI
2020-05-05 17:23:49 +02:00
2020-01-31 19:06:50 -06:00
const cwd = try getCwdAlloc ( testing . allocator ) ;
testing . allocator . free ( cwd ) ;
2019-05-26 23:35:26 -04:00
}
2022-02-04 12:08:38 -07:00
pub const EnvMap = struct {
hash_map : HashMap ,
const HashMap = std . HashMap (
[ ] const u8 ,
[ ] const u8 ,
EnvNameHashContext ,
std . hash_map . default_max_load_percentage ,
) ;
2022-02-04 23:42:10 -07:00
pub const Size = HashMap . Size ;
2022-02-04 12:08:38 -07:00
pub const EnvNameHashContext = struct {
2022-02-04 22:36:24 -07:00
fn upcase ( c : u21 ) u21 {
if ( c <= std . math . maxInt ( u16 ) )
2024-03-18 22:39:59 -07:00
return windows . ntdll . RtlUpcaseUnicodeChar ( @as ( u16 , @intCast ( c ) ) ) ;
2022-02-04 22:36:24 -07:00
return c ;
}
2022-02-04 12:08:38 -07:00
pub fn hash ( self : @This ( ) , s : [ ] const u8 ) u64 {
_ = self ;
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2022-02-04 23:42:10 -07:00
var h = std . hash . Wyhash . init ( 0 ) ;
2024-05-23 11:25:41 -07:00
var it = unicode . Wtf8View . initUnchecked ( s ) . iterator ( ) ;
2022-02-04 22:36:24 -07:00
while ( it . nextCodepoint ( ) ) | cp | {
const cp_upper = upcase ( cp ) ;
h . update ( & [ _ ] u8 {
2023-06-22 18:46:56 +01:00
@as ( u8 , @intCast ( ( cp_upper >> 16 ) & 0xff ) ) ,
@as ( u8 , @intCast ( ( cp_upper >> 8 ) & 0xff ) ) ,
@as ( u8 , @intCast ( ( cp_upper >> 0 ) & 0xff ) ) ,
2022-02-04 22:36:24 -07:00
} ) ;
2022-02-04 12:08:38 -07:00
}
return h . final ( ) ;
}
return std . hash_map . hashString ( s ) ;
}
2022-02-04 22:36:24 -07:00
2022-02-04 12:08:38 -07:00
pub fn eql ( self : @This ( ) , a : [ ] const u8 , b : [ ] const u8 ) bool {
_ = self ;
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2024-05-23 11:25:41 -07:00
var it_a = unicode . Wtf8View . initUnchecked ( a ) . iterator ( ) ;
var it_b = unicode . Wtf8View . initUnchecked ( b ) . iterator ( ) ;
2022-02-04 22:36:24 -07:00
while ( true ) {
const c_a = it_a . nextCodepoint ( ) orelse break ;
const c_b = it_b . nextCodepoint ( ) orelse return false ;
if ( upcase ( c_a ) != upcase ( c_b ) )
return false ;
}
2022-02-06 23:30:06 -07:00
return if ( it_b . nextCodepoint ( ) ) | _ | false else true ;
2022-02-04 12:08:38 -07:00
}
return std . hash_map . eqlString ( a , b ) ;
}
2022-01-16 20:11:08 -08:00
} ;
2022-02-04 12:08:38 -07:00
/// Create a EnvMap backed by a specific allocator.
/// That allocator will be used for both backing allocations
/// and string deduplication.
pub fn init ( allocator : Allocator ) EnvMap {
return EnvMap { . hash_map = HashMap . init ( allocator ) } ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Free the backing storage of the map, as well as all
/// of the stored keys and values.
pub fn deinit ( self : * EnvMap ) void {
var it = self . hash_map . iterator ( ) ;
2022-01-16 20:11:08 -08:00
while ( it . next ( ) ) | entry | {
2022-02-04 12:08:38 -07:00
self . free ( entry . key_ptr .* ) ;
self . free ( entry . value_ptr .* ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
self . hash_map . deinit ( ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Same as `put` but the key and value become owned by the EnvMap rather
/// than being copied.
/// If `putMove` fails, the ownership of key and value does not transfer.
2025-10-10 17:18:34 +00:00
/// On Windows `key` must be a valid [WTF-8](https://wtf-8.codeberg.page/) string.
2022-02-04 12:08:38 -07:00
pub fn putMove ( self : * EnvMap , key : [ ] u8 , value : [ ] u8 ) ! void {
2024-05-23 11:25:41 -07:00
assert ( unicode . wtf8ValidateSlice ( key ) ) ;
2022-02-04 12:08:38 -07:00
const get_or_put = try self . hash_map . getOrPut ( key ) ;
if ( get_or_put . found_existing ) {
self . free ( get_or_put . key_ptr .* ) ;
self . free ( get_or_put . value_ptr .* ) ;
get_or_put . key_ptr .* = key ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
get_or_put . value_ptr .* = value ;
}
/// `key` and `value` are copied into the EnvMap.
2025-10-10 17:18:34 +00:00
/// On Windows `key` must be a valid [WTF-8](https://wtf-8.codeberg.page/) string.
2022-02-04 12:08:38 -07:00
pub fn put ( self : * EnvMap , key : [ ] const u8 , value : [ ] const u8 ) ! void {
2024-05-23 11:25:41 -07:00
assert ( unicode . wtf8ValidateSlice ( key ) ) ;
2022-02-04 12:08:38 -07:00
const value_copy = try self . copy ( value ) ;
errdefer self . free ( value_copy ) ;
const get_or_put = try self . hash_map . getOrPut ( key ) ;
if ( get_or_put . found_existing ) {
self . free ( get_or_put . value_ptr .* ) ;
} else {
get_or_put . key_ptr .* = self . copy ( key ) catch | err | {
_ = self . hash_map . remove ( key ) ;
return err ;
2022-01-16 20:11:08 -08:00
} ;
}
2022-02-04 12:08:38 -07:00
get_or_put . value_ptr .* = value_copy ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Find the address of the value associated with a key.
/// The returned pointer is invalidated if the map resizes.
2025-10-10 17:18:34 +00:00
/// On Windows `key` must be a valid [WTF-8](https://wtf-8.codeberg.page/) string.
2022-02-04 12:08:38 -07:00
pub fn getPtr ( self : EnvMap , key : [ ] const u8 ) ? * [ ] const u8 {
2024-05-23 11:25:41 -07:00
assert ( unicode . wtf8ValidateSlice ( key ) ) ;
2022-02-04 12:08:38 -07:00
return self . hash_map . getPtr ( key ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Return the map's copy of the value associated with
/// a key. The returned string is invalidated if this
/// key is removed from the map.
2025-10-10 17:18:34 +00:00
/// On Windows `key` must be a valid [WTF-8](https://wtf-8.codeberg.page/) string.
2022-02-04 12:08:38 -07:00
pub fn get ( self : EnvMap , key : [ ] const u8 ) ? [ ] const u8 {
2024-05-23 11:25:41 -07:00
assert ( unicode . wtf8ValidateSlice ( key ) ) ;
2022-02-04 12:08:38 -07:00
return self . hash_map . get ( key ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Removes the item from the map and frees its value.
/// This invalidates the value returned by get() for this key.
2025-10-10 17:18:34 +00:00
/// On Windows `key` must be a valid [WTF-8](https://wtf-8.codeberg.page/) string.
2022-02-04 12:08:38 -07:00
pub fn remove ( self : * EnvMap , key : [ ] const u8 ) void {
2024-05-23 11:25:41 -07:00
assert ( unicode . wtf8ValidateSlice ( key ) ) ;
2022-02-04 12:08:38 -07:00
const kv = self . hash_map . fetchRemove ( key ) orelse return ;
self . free ( kv . key ) ;
self . free ( kv . value ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Returns the number of KV pairs stored in the map.
pub fn count ( self : EnvMap ) HashMap . Size {
return self . hash_map . count ( ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
/// Returns an iterator over entries in the map.
pub fn iterator ( self : * const EnvMap ) HashMap . Iterator {
return self . hash_map . iterator ( ) ;
2022-01-16 20:11:08 -08:00
}
std.Build: don't force all children to inherit color option
The build runner was previously forcing child processes to have their
stderr colorization match the build runner by setting `CLICOLOR_FORCE`
or `NO_COLOR`. This is a nice idea in some cases---for instance a simple
`Run` step which we just expect to exit with code 0 and whose stderr is
not being programmatically inspected---but is a bad idea in others, for
instance if there is a check on stderr or if stderr is captured, in
which case forcing color on the child could cause checks to fail.
Instead, this commit adds a field to `std.Build.Step.Run` which
specifies a behavior for the build runner to employ in terms of
assigning the `CLICOLOR_FORCE` and `NO_COLOR` environment variables. The
default behavior is to set `CLICOLOR_FORCE` if the build runner's output
is colorized and the step's stderr is not captured, and to set
`NO_COLOR` otherwise. Alternatively, colors can be always enabled,
always disabled, always match the build runner, or the environment
variables can be left untouched so they can be manually controlled
through `env_map`.
Notably, this fixes a failure when running `zig build test-cli` in a
TTY (or with colors explicitly enabled). GitHub CI hadn't caught this
because it does not request color, but Codeberg CI now does, and we were
seeing a failure in the `zig init` test because the actual output had
color escape codes in it due to 6d280dc.
2025-11-13 09:46:57 +00:00
/// Returns a full copy of `em` allocated with `gpa`, which is not necessarily
/// the same allocator used to allocate `em`.
pub fn clone ( em : * const EnvMap , gpa : Allocator ) Allocator . Error ! EnvMap {
var new : EnvMap = . init ( gpa ) ;
errdefer new . deinit ( ) ;
// Since we need to dupe the keys and values, the only way for error handling to not be a
// nightmare is to add keys to an empty map one-by-one. This could be avoided if this
// abstraction were a bit less... OOP-esque.
try new . hash_map . ensureUnusedCapacity ( em . hash_map . count ( ) ) ;
var it = em . hash_map . iterator ( ) ;
while ( it . next ( ) ) | entry | {
try new . put ( entry . key_ptr .* , entry . value_ptr .* ) ;
}
return new ;
}
2022-02-04 12:08:38 -07:00
fn free ( self : EnvMap , value : [ ] const u8 ) void {
self . hash_map . allocator . free ( value ) ;
2022-01-16 20:11:08 -08:00
}
2022-02-04 12:08:38 -07:00
fn copy ( self : EnvMap , value : [ ] const u8 ) ! [ ] u8 {
return self . hash_map . allocator . dupe ( u8 , value ) ;
2022-01-16 20:11:08 -08:00
}
} ;
2024-03-13 15:56:09 -07:00
test EnvMap {
2022-01-16 20:11:08 -08:00
var env = EnvMap . init ( testing . allocator ) ;
defer env . deinit ( ) ;
try env . put ( " SOMETHING_NEW " , " hello " ) ;
try testing . expectEqualStrings ( " hello " , env . get ( " SOMETHING_NEW " ) .? ) ;
try testing . expectEqual ( @as ( EnvMap . Size , 1 ) , env . count ( ) ) ;
// overwrite
try env . put ( " SOMETHING_NEW " , " something " ) ;
try testing . expectEqualStrings ( " something " , env . get ( " SOMETHING_NEW " ) .? ) ;
try testing . expectEqual ( @as ( EnvMap . Size , 1 ) , env . count ( ) ) ;
// a new longer name to test the Windows-specific conversion buffer
try env . put ( " SOMETHING_NEW_AND_LONGER " , " 1 " ) ;
try testing . expectEqualStrings ( " 1 " , env . get ( " SOMETHING_NEW_AND_LONGER " ) .? ) ;
try testing . expectEqual ( @as ( EnvMap . Size , 2 ) , env . count ( ) ) ;
// case insensitivity on Windows only
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2022-01-16 20:11:08 -08:00
try testing . expectEqualStrings ( " 1 " , env . get ( " something_New_aNd_LONGER " ) .? ) ;
} else {
try testing . expect ( null == env . get ( " something_New_aNd_LONGER " ) ) ;
}
var it = env . iterator ( ) ;
var count : EnvMap . Size = 0 ;
while ( it . next ( ) ) | entry | {
2022-02-04 23:42:10 -07:00
const is_an_expected_name = std . mem . eql ( u8 , " SOMETHING_NEW " , entry . key_ptr .* ) or std . mem . eql ( u8 , " SOMETHING_NEW_AND_LONGER " , entry . key_ptr .* ) ;
2022-01-16 20:11:08 -08:00
try testing . expect ( is_an_expected_name ) ;
count += 1 ;
}
try testing . expectEqual ( @as ( EnvMap . Size , 2 ) , count ) ;
env . remove ( " SOMETHING_NEW " ) ;
try testing . expect ( env . get ( " SOMETHING_NEW " ) == null ) ;
try testing . expectEqual ( @as ( EnvMap . Size , 1 ) , env . count ( ) ) ;
2022-02-06 23:30:06 -07:00
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2024-02-13 16:56:50 -08:00
// test Unicode case-insensitivity on Windows
2022-02-06 23:30:06 -07:00
try env . put ( " КИРиллИЦА " , " something else " ) ;
try testing . expectEqualStrings ( " something else " , env . get ( " кириллица " ) .? ) ;
2024-02-13 16:56:50 -08:00
// and WTF-8 that's not valid UTF-8
2024-05-23 11:25:41 -07:00
const wtf8_with_surrogate_pair = try unicode . wtf16LeToWtf8Alloc ( testing . allocator , & [ _ ] u16 {
2024-02-13 16:56:50 -08:00
std . mem . nativeToLittle ( u16 , 0xD83D ) , // unpaired high surrogate
} ) ;
defer testing . allocator . free ( wtf8_with_surrogate_pair ) ;
try env . put ( wtf8_with_surrogate_pair , wtf8_with_surrogate_pair ) ;
try testing . expectEqualSlices ( u8 , wtf8_with_surrogate_pair , env . get ( wtf8_with_surrogate_pair ) .? ) ;
2022-02-06 23:30:06 -07:00
}
2022-01-16 20:11:08 -08:00
}
2024-02-13 16:56:50 -08:00
pub const GetEnvMapError = error {
OutOfMemory ,
/// WASI-only. `environ_sizes_get` or `environ_get`
/// failed for an unexpected reason.
Unexpected ,
} ;
2022-01-16 20:11:08 -08:00
/// Returns a snapshot of the environment variables of the current process.
2024-02-06 21:54:20 -05:00
/// Any modifications to the resulting EnvMap will not be reflected in the environment, and
2022-01-16 20:11:08 -08:00
/// likewise, any future modifications to the environment will not be reflected in the EnvMap.
/// Caller owns resulting `EnvMap` and should call its `deinit` fn when done.
2024-02-13 16:56:50 -08:00
pub fn getEnvMap ( allocator : Allocator ) GetEnvMapError ! EnvMap {
2022-01-16 20:11:08 -08:00
var result = EnvMap . init ( allocator ) ;
2019-05-24 18:27:18 -04:00
errdefer result . deinit ( ) ;
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
const ptr = windows . peb ( ) . ProcessParameters . Environment ;
2019-05-24 18:27:18 -04:00
var i : usize = 0 ;
2020-02-22 17:35:36 -05:00
while ( ptr [ i ] != 0 ) {
2019-05-24 18:27:18 -04:00
const key_start = i ;
2022-01-16 20:11:08 -08:00
// There are some special environment variables that start with =,
// so we need a special case to not treat = as a key/value separator
// if it's the first character.
// https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133
if ( ptr [ key_start ] == '=' ) i += 1 ;
2019-05-24 18:27:18 -04:00
while ( ptr [ i ] != 0 and ptr [ i ] != '=' ) : ( i += 1 ) { }
const key_w = ptr [ key_start .. i ] ;
2024-05-23 11:25:41 -07:00
const key = try unicode . wtf16LeToWtf8Alloc ( allocator , key_w ) ;
2022-02-04 23:35:22 -07:00
errdefer allocator . free ( key ) ;
2019-05-24 18:27:18 -04:00
if ( ptr [ i ] == '=' ) i += 1 ;
const value_start = i ;
while ( ptr [ i ] != 0 ) : ( i += 1 ) { }
const value_w = ptr [ value_start .. i ] ;
2024-05-23 11:25:41 -07:00
const value = try unicode . wtf16LeToWtf8Alloc ( allocator , value_w ) ;
2022-02-04 23:35:22 -07:00
errdefer allocator . free ( value ) ;
2019-05-24 18:27:18 -04:00
2022-01-16 20:11:08 -08:00
i += 1 ; // skip over null byte
2022-02-04 23:35:22 -07:00
try result . putMove ( key , value ) ;
}
2020-02-22 17:35:36 -05:00
return result ;
2024-03-18 22:39:59 -07:00
} else if ( native_os == . wasi and ! builtin . link_libc ) {
2019-05-24 18:27:18 -04:00
var environ_count : usize = undefined ;
var environ_buf_size : usize = undefined ;
2024-03-18 22:39:59 -07:00
const environ_sizes_get_ret = std . os . wasi . environ_sizes_get ( & environ_count , & environ_buf_size ) ;
2021-08-23 17:06:56 -07:00
if ( environ_sizes_get_ret != . SUCCESS ) {
2024-03-18 22:39:59 -07:00
return posix . unexpectedErrno ( environ_sizes_get_ret ) ;
2019-05-24 18:27:18 -04:00
}
2023-01-19 13:50:23 +08:00
if ( environ_count == 0 ) {
return result ;
}
2023-11-10 05:27:17 +00:00
const environ = try allocator . alloc ( [ * : 0 ] u8 , environ_count ) ;
2019-05-24 18:27:18 -04:00
defer allocator . free ( environ ) ;
2023-11-10 05:27:17 +00:00
const environ_buf = try allocator . alloc ( u8 , environ_buf_size ) ;
2019-05-24 18:27:18 -04:00
defer allocator . free ( environ_buf ) ;
2024-03-18 22:39:59 -07:00
const environ_get_ret = std . os . wasi . environ_get ( environ . ptr , environ_buf . ptr ) ;
2021-08-23 17:06:56 -07:00
if ( environ_get_ret != . SUCCESS ) {
2024-03-18 22:39:59 -07:00
return posix . unexpectedErrno ( environ_get_ret ) ;
2019-05-24 18:27:18 -04:00
}
for ( environ ) | env | {
2021-11-30 00:13:07 -07:00
const pair = mem . sliceTo ( env , 0 ) ;
2023-05-04 18:15:50 -07:00
var parts = mem . splitScalar ( u8 , pair , '=' ) ;
2022-07-25 21:04:30 +02:00
const key = parts . first ( ) ;
2022-12-29 17:38:19 -08:00
const value = parts . rest ( ) ;
2021-06-03 15:39:26 -05:00
try result . put ( key , value ) ;
2019-05-24 18:27:18 -04:00
}
return result ;
2020-02-22 15:59:13 -05:00
} else if ( builtin . link_libc ) {
var ptr = std . c . environ ;
2022-06-30 17:22:16 +03:00
while ( ptr [ 0 ] ) | line | : ( ptr += 1 ) {
2020-02-22 15:59:13 -05:00
var line_i : usize = 0 ;
while ( line [ line_i ] != 0 and line [ line_i ] != '=' ) : ( line_i += 1 ) { }
const key = line [ 0 .. line_i ] ;
var end_i : usize = line_i ;
while ( line [ end_i ] != 0 ) : ( end_i += 1 ) { }
const value = line [ line_i + 1 .. end_i ] ;
2021-06-03 15:39:26 -05:00
try result . put ( key , value ) ;
2020-02-22 15:59:13 -05:00
}
return result ;
2019-05-24 18:27:18 -04:00
} else {
2024-03-18 22:39:59 -07:00
for ( std . os . environ ) | line | {
2019-05-24 18:27:18 -04:00
var line_i : usize = 0 ;
2020-02-22 15:59:13 -05:00
while ( line [ line_i ] != 0 and line [ line_i ] != '=' ) : ( line_i += 1 ) { }
const key = line [ 0 .. line_i ] ;
2019-05-24 18:27:18 -04:00
var end_i : usize = line_i ;
2020-02-22 15:59:13 -05:00
while ( line [ end_i ] != 0 ) : ( end_i += 1 ) { }
const value = line [ line_i + 1 .. end_i ] ;
2019-05-24 18:27:18 -04:00
2021-06-03 15:39:26 -05:00
try result . put ( key , value ) ;
2019-05-24 18:27:18 -04:00
}
return result ;
}
}
2024-03-13 15:56:09 -07:00
test getEnvMap {
2022-01-16 20:11:08 -08:00
var env = try getEnvMap ( testing . allocator ) ;
2019-05-24 18:27:18 -04:00
defer env . deinit ( ) ;
}
pub const GetEnvVarOwnedError = error {
OutOfMemory ,
EnvironmentVariableNotFound ,
2024-02-13 16:56:50 -08:00
/// On Windows, environment variable keys provided by the user must be valid WTF-8.
2025-10-10 17:18:34 +00:00
/// https://wtf-8.codeberg.page/
2024-02-13 16:56:50 -08:00
InvalidWtf8 ,
2019-05-24 18:27:18 -04:00
} ;
/// Caller must free returned memory.
2025-10-10 17:18:34 +00:00
/// On Windows, if `key` is not valid [WTF-8](https://wtf-8.codeberg.page/),
2024-02-13 16:56:50 -08:00
/// then `error.InvalidWtf8` is returned.
2025-10-10 17:18:34 +00:00
/// On Windows, the value is encoded as [WTF-8](https://wtf-8.codeberg.page/).
2024-02-13 16:56:50 -08:00
/// On other platforms, the value is an opaque sequence of bytes with no particular encoding.
2022-11-10 14:00:55 -07:00
pub fn getEnvVarOwned ( allocator : Allocator , key : [ ] const u8 ) GetEnvVarOwnedError ! [ ] u8 {
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2020-02-22 17:35:36 -05:00
const result_w = blk : {
2024-02-09 19:28:57 -08:00
var stack_alloc = std . heap . stackFallback ( 256 * @sizeOf ( u16 ) , allocator ) ;
const stack_allocator = stack_alloc . get ( ) ;
2024-05-23 11:25:41 -07:00
const key_w = try unicode . wtf8ToWtf16LeAllocZ ( stack_allocator , key ) ;
2024-02-09 19:28:57 -08:00
defer stack_allocator . free ( key_w ) ;
2020-02-22 17:35:36 -05:00
2024-03-18 22:39:59 -07:00
break : blk getenvW ( key_w ) orelse return error . EnvironmentVariableNotFound ;
2020-02-22 17:35:36 -05:00
} ;
2024-02-13 16:56:50 -08:00
// wtf16LeToWtf8Alloc can only fail with OutOfMemory
2024-05-23 11:25:41 -07:00
return unicode . wtf16LeToWtf8Alloc ( allocator , result_w ) ;
2024-03-18 22:39:59 -07:00
} else if ( native_os == . wasi and ! builtin . link_libc ) {
2023-01-06 08:40:16 -08:00
var envmap = getEnvMap ( allocator ) catch return error . OutOfMemory ;
defer envmap . deinit ( ) ;
const val = envmap . get ( key ) orelse return error . EnvironmentVariableNotFound ;
return allocator . dupe ( u8 , val ) ;
2019-05-24 18:27:18 -04:00
} else {
2024-03-18 22:39:59 -07:00
const result = posix . getenv ( key ) orelse return error . EnvironmentVariableNotFound ;
2020-07-04 13:44:28 +02:00
return allocator . dupe ( u8 , result ) ;
2019-05-24 18:27:18 -04:00
}
}
2025-03-17 17:24:00 -07:00
/// On Windows, `key` must be valid WTF-8.
2021-06-21 13:47:38 -05:00
pub fn hasEnvVarConstant ( comptime key : [ ] const u8 ) bool {
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2025-03-17 17:24:00 -07:00
const key_w = comptime unicode . wtf8ToWtf16LeStringLiteral ( key ) ;
2024-03-18 22:39:59 -07:00
return getenvW ( key_w ) != null ;
} else if ( native_os == . wasi and ! builtin . link_libc ) {
2023-01-06 08:40:16 -08:00
@compileError ( " hasEnvVarConstant is not supported for WASI without libc " ) ;
2021-06-21 13:47:38 -05:00
} else {
2024-03-18 22:39:59 -07:00
return posix . getenv ( key ) != null ;
2021-06-21 13:47:38 -05:00
}
}
2025-03-17 17:24:00 -07:00
/// On Windows, `key` must be valid WTF-8.
2025-02-04 21:19:02 -08:00
pub fn hasNonEmptyEnvVarConstant ( comptime key : [ ] const u8 ) bool {
if ( native_os == . windows ) {
2025-03-17 17:24:00 -07:00
const key_w = comptime unicode . wtf8ToWtf16LeStringLiteral ( key ) ;
2025-02-04 21:19:02 -08:00
const value = getenvW ( key_w ) orelse return false ;
return value . len != 0 ;
} else if ( native_os == . wasi and ! builtin . link_libc ) {
@compileError ( " hasNonEmptyEnvVarConstant is not supported for WASI without libc " ) ;
} else {
const value = posix . getenv ( key ) orelse return false ;
return value . len != 0 ;
}
}
2024-05-23 14:10:03 -07:00
pub const ParseEnvVarIntError = std . fmt . ParseIntError || error { EnvironmentVariableNotFound } ;
/// Parses an environment variable as an integer.
///
/// Since the key is comptime-known, no allocation is needed.
///
2025-03-17 17:24:00 -07:00
/// On Windows, `key` must be valid WTF-8.
2024-05-23 14:10:03 -07:00
pub fn parseEnvVarInt ( comptime key : [ ] const u8 , comptime I : type , base : u8 ) ParseEnvVarIntError ! I {
if ( native_os == . windows ) {
2025-03-17 17:24:00 -07:00
const key_w = comptime std . unicode . wtf8ToWtf16LeStringLiteral ( key ) ;
2024-05-23 14:10:03 -07:00
const text = getenvW ( key_w ) orelse return error . EnvironmentVariableNotFound ;
2024-05-26 07:07:44 -04:00
return std . fmt . parseIntWithGenericCharacter ( I , u16 , text , base ) ;
2024-05-23 14:10:03 -07:00
} else if ( native_os == . wasi and ! builtin . link_libc ) {
@compileError ( " parseEnvVarInt is not supported for WASI without libc " ) ;
} else {
const text = posix . getenv ( key ) orelse return error . EnvironmentVariableNotFound ;
return std . fmt . parseInt ( I , text , base ) ;
}
}
2024-02-13 16:56:50 -08:00
pub const HasEnvVarError = error {
OutOfMemory ,
/// On Windows, environment variable keys provided by the user must be valid WTF-8.
2025-10-10 17:18:34 +00:00
/// https://wtf-8.codeberg.page/
2024-02-13 16:56:50 -08:00
InvalidWtf8 ,
} ;
2025-10-10 17:18:34 +00:00
/// On Windows, if `key` is not valid [WTF-8](https://wtf-8.codeberg.page/),
2024-02-13 16:56:50 -08:00
/// then `error.InvalidWtf8` is returned.
pub fn hasEnvVar ( allocator : Allocator , key : [ ] const u8 ) HasEnvVarError ! bool {
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2021-06-21 13:47:38 -05:00
var stack_alloc = std . heap . stackFallback ( 256 * @sizeOf ( u16 ) , allocator ) ;
2024-02-13 16:56:50 -08:00
const stack_allocator = stack_alloc . get ( ) ;
2024-05-23 11:25:41 -07:00
const key_w = try unicode . wtf8ToWtf16LeAllocZ ( stack_allocator , key ) ;
2024-02-13 16:56:50 -08:00
defer stack_allocator . free ( key_w ) ;
2024-03-18 22:39:59 -07:00
return getenvW ( key_w ) != null ;
} else if ( native_os == . wasi and ! builtin . link_libc ) {
2023-01-06 08:40:16 -08:00
var envmap = getEnvMap ( allocator ) catch return error . OutOfMemory ;
defer envmap . deinit ( ) ;
return envmap . getPtr ( key ) != null ;
2021-06-21 13:47:38 -05:00
} else {
2024-03-18 22:39:59 -07:00
return posix . getenv ( key ) != null ;
}
}
2025-10-10 17:18:34 +00:00
/// On Windows, if `key` is not valid [WTF-8](https://wtf-8.codeberg.page/),
2025-02-04 21:19:02 -08:00
/// then `error.InvalidWtf8` is returned.
pub fn hasNonEmptyEnvVar ( allocator : Allocator , key : [ ] const u8 ) HasEnvVarError ! bool {
if ( native_os == . windows ) {
var stack_alloc = std . heap . stackFallback ( 256 * @sizeOf ( u16 ) , allocator ) ;
const stack_allocator = stack_alloc . get ( ) ;
const key_w = try unicode . wtf8ToWtf16LeAllocZ ( stack_allocator , key ) ;
defer stack_allocator . free ( key_w ) ;
const value = getenvW ( key_w ) orelse return false ;
return value . len != 0 ;
} else if ( native_os == . wasi and ! builtin . link_libc ) {
var envmap = getEnvMap ( allocator ) catch return error . OutOfMemory ;
defer envmap . deinit ( ) ;
const value = envmap . getPtr ( key ) orelse return false ;
return value . len != 0 ;
} else {
const value = posix . getenv ( key ) orelse return false ;
return value . len != 0 ;
}
}
2024-03-18 22:39:59 -07:00
/// Windows-only. Get an environment variable with a null-terminated, WTF-16 encoded name.
2025-11-16 04:07:48 -08:00
/// The returned slice points to memory in the PEB.
2024-03-18 22:39:59 -07:00
///
/// This function performs a Unicode-aware case-insensitive lookup using RtlEqualUnicodeString.
///
/// See also:
/// * `std.posix.getenv`
/// * `getEnvMap`
/// * `getEnvVarOwned`
/// * `hasEnvVarConstant`
/// * `hasEnvVar`
pub fn getenvW ( key : [ * : 0 ] const u16 ) ? [ : 0 ] const u16 {
if ( native_os != . windows ) {
@compileError ( " Windows-only " ) ;
}
const key_slice = mem . sliceTo ( key , 0 ) ;
2025-03-16 17:37:31 -07:00
// '=' anywhere but the start makes this an invalid environment variable name
if ( key_slice . len > 0 and std . mem . indexOfScalar ( u16 , key_slice [ 1 .. ] , '=' ) != null ) {
return null ;
}
2024-03-18 22:39:59 -07:00
const ptr = windows . peb ( ) . ProcessParameters . Environment ;
var i : usize = 0 ;
while ( ptr [ i ] != 0 ) {
2025-03-16 17:37:31 -07:00
const key_value = mem . sliceTo ( ptr [ i .. ] , 0 ) ;
2024-03-18 22:39:59 -07:00
// There are some special environment variables that start with =,
// so we need a special case to not treat = as a key/value separator
// if it's the first character.
// https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133
2025-03-16 17:37:31 -07:00
const equal_search_start : usize = if ( key_value [ 0 ] == '=' ) 1 else 0 ;
const equal_index = std . mem . indexOfScalarPos ( u16 , key_value , equal_search_start , '=' ) orelse {
// This is enforced by CreateProcess.
// If violated, CreateProcess will fail with INVALID_PARAMETER.
unreachable ; // must contain a =
} ;
2024-03-18 22:39:59 -07:00
2025-03-16 17:37:31 -07:00
const this_key = key_value [ 0 .. equal_index ] ;
2025-11-16 03:45:38 -08:00
if ( windows . eqlIgnoreCaseWtf16 ( key_slice , this_key ) ) {
2025-03-16 17:37:31 -07:00
return key_value [ equal_index + 1 .. ] ;
2024-03-18 22:39:59 -07:00
}
2025-03-16 17:37:31 -07:00
// skip past the NUL terminator
i += key_value . len + 1 ;
2021-06-21 13:47:38 -05:00
}
2024-03-18 22:39:59 -07:00
return null ;
2021-06-21 13:47:38 -05:00
}
2024-02-13 16:56:50 -08:00
test getEnvVarOwned {
try testing . expectError (
error . EnvironmentVariableNotFound ,
getEnvVarOwned ( std . testing . allocator , " BADENV " ) ,
) ;
}
test hasEnvVarConstant {
2024-03-18 22:39:59 -07:00
if ( native_os == . wasi and ! builtin . link_libc ) return error . SkipZigTest ;
2024-02-13 16:56:50 -08:00
try testing . expect ( ! hasEnvVarConstant ( " BADENV " ) ) ;
}
test hasEnvVar {
const has_env = try hasEnvVar ( std . testing . allocator , " BADENV " ) ;
try testing . expect ( ! has_env ) ;
2019-05-24 18:27:18 -04:00
}
pub const ArgIteratorPosix = struct {
index : usize ,
count : usize ,
2022-01-30 11:27:52 -08:00
pub const InitError = error { } ;
2019-05-24 18:27:18 -04:00
pub fn init ( ) ArgIteratorPosix {
return ArgIteratorPosix {
. index = 0 ,
2024-03-18 22:39:59 -07:00
. count = std . os . argv . len ,
2019-05-24 18:27:18 -04:00
} ;
}
2020-10-22 17:52:48 -04:00
pub fn next ( self : * ArgIteratorPosix ) ? [ : 0 ] const u8 {
2019-05-24 18:27:18 -04:00
if ( self . index == self . count ) return null ;
2024-03-18 22:39:59 -07:00
const s = std . os . argv [ self . index ] ;
2019-05-24 18:27:18 -04:00
self . index += 1 ;
2021-11-30 00:13:07 -07:00
return mem . sliceTo ( s , 0 ) ;
2019-05-24 18:27:18 -04:00
}
pub fn skip ( self : * ArgIteratorPosix ) bool {
if ( self . index == self . count ) return false ;
self . index += 1 ;
return true ;
}
} ;
2020-05-20 19:42:15 +02:00
pub const ArgIteratorWasi = struct {
2022-11-10 14:00:55 -07:00
allocator : Allocator ,
2020-05-20 19:42:15 +02:00
index : usize ,
2020-10-22 17:52:48 -04:00
args : [ ] [ : 0 ] u8 ,
2020-05-20 19:42:15 +02:00
2024-03-18 22:39:59 -07:00
pub const InitError = error { OutOfMemory } || posix . UnexpectedError ;
2020-05-20 19:42:15 +02:00
/// You must call deinit to free the internal buffer of the
/// iterator after you are done.
2022-11-10 14:00:55 -07:00
pub fn init ( allocator : Allocator ) InitError ! ArgIteratorWasi {
2020-05-20 19:42:15 +02:00
const fetched_args = try ArgIteratorWasi . internalInit ( allocator ) ;
return ArgIteratorWasi {
. allocator = allocator ,
. index = 0 ,
. args = fetched_args ,
} ;
}
2022-11-10 14:00:55 -07:00
fn internalInit ( allocator : Allocator ) InitError ! [ ] [ : 0 ] u8 {
2020-05-20 19:42:15 +02:00
var count : usize = undefined ;
var buf_size : usize = undefined ;
2024-03-18 22:39:59 -07:00
switch ( std . os . wasi . args_sizes_get ( & count , & buf_size ) ) {
2021-08-23 17:06:56 -07:00
. SUCCESS = > { } ,
2024-03-18 22:39:59 -07:00
else = > | err | return posix . unexpectedErrno ( err ) ,
2020-05-20 19:42:15 +02:00
}
2023-01-19 13:50:23 +08:00
if ( count == 0 ) {
return & [ _ ] [ : 0 ] u8 { } ;
}
2023-11-10 05:27:17 +00:00
const argv = try allocator . alloc ( [ * : 0 ] u8 , count ) ;
2020-05-20 19:42:15 +02:00
defer allocator . free ( argv ) ;
2023-11-10 05:27:17 +00:00
const argv_buf = try allocator . alloc ( u8 , buf_size ) ;
2020-05-20 19:42:15 +02:00
2024-03-18 22:39:59 -07:00
switch ( std . os . wasi . args_get ( argv . ptr , argv_buf . ptr ) ) {
2021-08-23 17:06:56 -07:00
. SUCCESS = > { } ,
2024-03-18 22:39:59 -07:00
else = > | err | return posix . unexpectedErrno ( err ) ,
2020-05-20 19:42:15 +02:00
}
2020-10-22 17:52:48 -04:00
var result_args = try allocator . alloc ( [ : 0 ] u8 , count ) ;
2020-05-20 19:42:15 +02:00
var i : usize = 0 ;
while ( i < count ) : ( i += 1 ) {
2021-11-30 00:13:07 -07:00
result_args [ i ] = mem . sliceTo ( argv [ i ] , 0 ) ;
2020-05-20 19:42:15 +02:00
}
return result_args ;
}
2020-10-22 17:52:48 -04:00
pub fn next ( self : * ArgIteratorWasi ) ? [ : 0 ] const u8 {
2020-05-20 19:42:15 +02:00
if ( self . index == self . args . len ) return null ;
const arg = self . args [ self . index ] ;
self . index += 1 ;
return arg ;
}
pub fn skip ( self : * ArgIteratorWasi ) bool {
if ( self . index == self . args . len ) return false ;
self . index += 1 ;
return true ;
}
/// Call to free the internal buffer of the iterator.
pub fn deinit ( self : * ArgIteratorWasi ) void {
const last_item = self . args [ self . args . len - 1 ] ;
2023-06-15 13:14:16 +06:00
const last_byte_addr = @intFromPtr ( last_item . ptr ) + last_item . len + 1 ; // null terminated
2020-05-20 19:42:15 +02:00
const first_item_ptr = self . args [ 0 ] . ptr ;
2023-06-15 13:14:16 +06:00
const len = last_byte_addr - @intFromPtr ( first_item_ptr ) ;
2020-05-20 19:42:15 +02:00
self . allocator . free ( first_item_ptr [ 0 .. len ] ) ;
self . allocator . free ( self . args ) ;
}
} ;
2023-12-18 22:55:46 +01:00
/// Iterator that implements the Windows command-line parsing algorithm.
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
/// The implementation is intended to be compatible with the post-2008 C runtime,
/// but is *not* intended to be compatible with `CommandLineToArgvW` since
/// `CommandLineToArgvW` uses the pre-2008 parsing rules.
2023-12-18 22:55:46 +01:00
///
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
/// This iterator faithfully implements the parsing behavior observed from the C runtime with
2023-12-18 22:55:46 +01:00
/// one exception: if the command-line string is empty, the iterator will immediately complete
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
/// without returning any arguments (whereas the C runtime will return a single argument
2023-12-18 22:55:46 +01:00
/// representing the name of the current executable).
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
///
/// The essential parts of the algorithm are described in Microsoft's documentation:
///
/// - https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170#parsing-c-command-line-arguments
///
/// David Deley explains some additional undocumented quirks in great detail:
///
/// - https://daviddeley.com/autohotkey/parameters/parameters.htm#WINCRULES
2023-12-18 22:55:46 +01:00
pub const ArgIteratorWindows = struct {
allocator : Allocator ,
2024-07-12 00:38:10 -07:00
/// Encoded as WTF-16 LE.
2024-07-13 17:29:18 -07:00
cmd_line : [ ] const u16 ,
2023-12-18 22:55:46 +01:00
index : usize = 0 ,
2024-07-12 00:38:10 -07:00
/// Owned by the iterator. Long enough to hold contiguous NUL-terminated slices
/// of each argument encoded as WTF-8.
2023-12-18 22:55:46 +01:00
buffer : [ ] u8 ,
start : usize = 0 ,
end : usize = 0 ,
2024-02-13 16:56:50 -08:00
pub const InitError = error { OutOfMemory } ;
2023-12-18 22:55:46 +01:00
2024-02-13 16:56:50 -08:00
/// `cmd_line_w` *must* be a WTF16-LE-encoded string.
2023-12-18 22:55:46 +01:00
///
2024-07-12 00:38:10 -07:00
/// The iterator stores and uses `cmd_line_w`, so its memory must be valid for
/// at least as long as the returned ArgIteratorWindows.
2024-07-13 17:29:18 -07:00
pub fn init ( allocator : Allocator , cmd_line_w : [ ] const u16 ) InitError ! ArgIteratorWindows {
const wtf8_len = unicode . calcWtf8Len ( cmd_line_w ) ;
2024-07-12 00:38:10 -07:00
// This buffer must be large enough to contain contiguous NUL-terminated slices
2024-07-13 15:03:55 -07:00
// of each argument.
// - During parsing, the length of a parsed argument will always be equal to
// to less than its unparsed length
// - The first argument needs one extra byte of space allocated for its NUL
// terminator, but for each subsequent argument the necessary whitespace
// between arguments guarantees room for their NUL terminator(s).
2024-07-12 00:38:10 -07:00
const buffer = try allocator . alloc ( u8 , wtf8_len + 1 ) ;
2023-12-18 22:55:46 +01:00
errdefer allocator . free ( buffer ) ;
return . {
. allocator = allocator ,
2024-07-13 17:29:18 -07:00
. cmd_line = cmd_line_w ,
2023-12-18 22:55:46 +01:00
. buffer = buffer ,
} ;
}
/// Returns the next argument and advances the iterator. Returns `null` if at the end of the
/// command-line string. The iterator owns the returned slice.
2025-10-10 17:18:34 +00:00
/// The result is encoded as [WTF-8](https://wtf-8.codeberg.page/).
2023-12-18 22:55:46 +01:00
pub fn next ( self : * ArgIteratorWindows ) ? [ : 0 ] const u8 {
return self . nextWithStrategy ( next_strategy ) ;
}
/// Skips the next argument and advances the iterator. Returns `true` if an argument was
/// skipped, `false` if at the end of the command-line string.
pub fn skip ( self : * ArgIteratorWindows ) bool {
return self . nextWithStrategy ( skip_strategy ) ;
}
const next_strategy = struct {
const T = ? [ : 0 ] const u8 ;
const eof = null ;
2024-07-13 16:54:00 -07:00
/// Returns '\' if any backslashes are emitted, otherwise returns `last_emitted_code_unit`.
fn emitBackslashes ( self : * ArgIteratorWindows , count : usize , last_emitted_code_unit : ? u16 ) ? u16 {
for ( 0 .. count ) | _ | {
self . buffer [ self . end ] = '\\' ;
self . end += 1 ;
}
return if ( count != 0 ) '\\' else last_emitted_code_unit ;
2023-12-18 22:55:46 +01:00
}
2024-07-13 16:54:00 -07:00
/// If `last_emitted_code_unit` and `code_unit` form a surrogate pair, then
/// the previously emitted high surrogate is overwritten by the codepoint encoded
/// by the surrogate pair, and `null` is returned.
/// Otherwise, `code_unit` is emitted and returned.
fn emitCharacter ( self : * ArgIteratorWindows , code_unit : u16 , last_emitted_code_unit : ? u16 ) ? u16 {
2024-07-12 00:38:10 -07:00
// Because we are emitting WTF-8, we need to
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
// check to see if we've emitted two consecutive surrogate
// codepoints that form a valid surrogate pair in order
// to ensure that we're always emitting well-formed WTF-8
2025-10-10 17:18:34 +00:00
// (https://wtf-8.codeberg.page/#concatenating).
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
//
// If we do have a valid surrogate pair, we need to emit
// the UTF-8 sequence for the codepoint that they encode
// instead of the WTF-8 encoding for the two surrogate pairs
// separately.
//
// This is relevant when dealing with a WTF-16 encoded
// command line like this:
// "<0xD801>"<0xDC37>
2024-07-12 00:38:10 -07:00
// which would get parsed and converted to WTF-8 as:
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
// <0xED><0xA0><0x81><0xED><0xB0><0xB7>
// but instead, we need to recognize the surrogate pair
// and emit the codepoint it encodes, which in this
// example is U+10437 (𐐷), which is encoded in UTF-8 as:
// <0xF0><0x90><0x90><0xB7>
2024-07-13 16:54:00 -07:00
if ( last_emitted_code_unit != null and
std . unicode . utf16IsLowSurrogate ( code_unit ) and
std . unicode . utf16IsHighSurrogate ( last_emitted_code_unit .? ) )
{
const codepoint = std . unicode . utf16DecodeSurrogatePair ( & . { last_emitted_code_unit .? , code_unit } ) catch unreachable ;
// Unpaired surrogate is 3 bytes long
const dest = self . buffer [ self . end - 3 .. ] ;
const len = unicode . utf8Encode ( codepoint , dest ) catch unreachable ;
// All codepoints that require a surrogate pair (> U+FFFF) are encoded as 4 bytes
assert ( len == 4 ) ;
self . end += 1 ;
return null ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
}
2024-07-13 16:54:00 -07:00
const wtf8_len = std . unicode . wtf8Encode ( code_unit , self . buffer [ self . end .. ] ) catch unreachable ;
self . end += wtf8_len ;
return code_unit ;
2023-12-18 22:55:46 +01:00
}
fn yieldArg ( self : * ArgIteratorWindows ) [ : 0 ] const u8 {
self . buffer [ self . end ] = 0 ;
const arg = self . buffer [ self . start .. self . end : 0 ] ;
self . end += 1 ;
self . start = self . end ;
return arg ;
}
} ;
const skip_strategy = struct {
const T = bool ;
const eof = false ;
2024-07-13 16:54:00 -07:00
fn emitBackslashes ( _ : * ArgIteratorWindows , _ : usize , last_emitted_code_unit : ? u16 ) ? u16 {
return last_emitted_code_unit ;
}
2023-12-18 22:55:46 +01:00
2024-07-13 16:54:00 -07:00
fn emitCharacter ( _ : * ArgIteratorWindows , _ : u16 , last_emitted_code_unit : ? u16 ) ? u16 {
return last_emitted_code_unit ;
}
2023-12-18 22:55:46 +01:00
fn yieldArg ( _ : * ArgIteratorWindows ) bool {
return true ;
}
} ;
fn nextWithStrategy ( self : * ArgIteratorWindows , comptime strategy : type ) strategy . T {
2024-07-13 16:54:00 -07:00
var last_emitted_code_unit : ? u16 = null ;
2023-12-18 22:55:46 +01:00
// The first argument (the executable name) uses different parsing rules.
if ( self . index == 0 ) {
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
if ( self . cmd_line . len == 0 or self . cmd_line [ 0 ] == 0 ) {
// Immediately complete the iterator.
// The C runtime would return the name of the current executable here.
return strategy . eof ;
}
var inside_quotes = false ;
while ( true ) : ( self . index += 1 ) {
2024-07-12 00:38:10 -07:00
const char = if ( self . index != self . cmd_line . len )
mem . littleToNative ( u16 , self . cmd_line [ self . index ] )
else
0 ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
switch ( char ) {
0 = > {
return strategy . yieldArg ( self ) ;
} ,
'"' = > {
inside_quotes = ! inside_quotes ;
} ,
' ' , '\t' = > {
2024-07-13 16:54:00 -07:00
if ( inside_quotes ) {
last_emitted_code_unit = strategy . emitCharacter ( self , char , last_emitted_code_unit ) ;
} else {
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
self . index += 1 ;
return strategy . yieldArg ( self ) ;
2023-12-18 22:55:46 +01:00
}
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
} ,
else = > {
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitCharacter ( self , char , last_emitted_code_unit ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
} ,
}
2023-12-18 22:55:46 +01:00
}
}
// Skip spaces and tabs. The iterator completes if we reach the end of the string here.
while ( true ) : ( self . index += 1 ) {
2024-07-12 00:38:10 -07:00
const char = if ( self . index != self . cmd_line . len )
mem . littleToNative ( u16 , self . cmd_line [ self . index ] )
else
0 ;
2023-12-18 22:55:46 +01:00
switch ( char ) {
0 = > return strategy . eof ,
' ' , '\t' = > continue ,
else = > break ,
}
}
// Parsing rules for subsequent arguments:
//
// - The end of the string always terminates the current argument.
// - When not in 'inside_quotes' mode, a space or tab terminates the current argument.
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
// - 2n backslashes followed by a quote emit n backslashes (note: n can be zero).
// If in 'inside_quotes' and the quote is immediately followed by a second quote,
// one quote is emitted and the other is skipped, otherwise, the quote is skipped
// and 'inside_quotes' is toggled.
2023-12-18 22:55:46 +01:00
// - 2n + 1 backslashes followed by a quote emit n backslashes followed by a quote.
// - n backslashes not followed by a quote emit n backslashes.
var backslash_count : usize = 0 ;
var inside_quotes = false ;
while ( true ) : ( self . index += 1 ) {
2024-07-12 00:38:10 -07:00
const char = if ( self . index != self . cmd_line . len )
mem . littleToNative ( u16 , self . cmd_line [ self . index ] )
else
0 ;
2023-12-18 22:55:46 +01:00
switch ( char ) {
0 = > {
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitBackslashes ( self , backslash_count , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
return strategy . yieldArg ( self ) ;
} ,
' ' , '\t' = > {
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitBackslashes ( self , backslash_count , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
backslash_count = 0 ;
2024-07-13 16:54:00 -07:00
if ( inside_quotes ) {
last_emitted_code_unit = strategy . emitCharacter ( self , char , last_emitted_code_unit ) ;
} else return strategy . yieldArg ( self ) ;
2023-12-18 22:55:46 +01:00
} ,
'"' = > {
const char_is_escaped_quote = backslash_count % 2 != 0 ;
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitBackslashes ( self , backslash_count / 2 , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
backslash_count = 0 ;
if ( char_is_escaped_quote ) {
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitCharacter ( self , '"' , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
} else {
if ( inside_quotes and
self . index + 1 != self . cmd_line . len and
2024-07-12 00:38:10 -07:00
mem . littleToNative ( u16 , self . cmd_line [ self . index + 1 ] ) == '"' )
2023-12-18 22:55:46 +01:00
{
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitCharacter ( self , '"' , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
self . index += 1 ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
} else {
inside_quotes = ! inside_quotes ;
2023-12-18 22:55:46 +01:00
}
}
} ,
'\\' = > {
backslash_count += 1 ;
} ,
else = > {
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitBackslashes ( self , backslash_count , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
backslash_count = 0 ;
2024-07-13 16:54:00 -07:00
last_emitted_code_unit = strategy . emitCharacter ( self , char , last_emitted_code_unit ) ;
2023-12-18 22:55:46 +01:00
} ,
}
}
}
/// Frees the iterator's copy of the command-line string and all previously returned
/// argument slices.
pub fn deinit ( self : * ArgIteratorWindows ) void {
self . allocator . free ( self . buffer ) ;
}
} ;
2022-01-30 11:27:52 -08:00
/// Optional parameters for `ArgIteratorGeneral`
pub const ArgIteratorGeneralOptions = struct {
2022-02-04 19:55:32 +02:00
comments : bool = false ,
single_quotes : bool = false ,
2022-01-30 11:27:52 -08:00
} ;
2019-05-24 18:27:18 -04:00
2022-01-30 11:27:52 -08:00
/// A general Iterator to parse a string into a set of arguments
pub fn ArgIteratorGeneral ( comptime options : ArgIteratorGeneralOptions ) type {
return struct {
allocator : Allocator ,
index : usize = 0 ,
cmd_line : [ ] const u8 ,
/// Should the cmd_line field be free'd (using the allocator) on deinit()?
free_cmd_line_on_deinit : bool ,
/// buffer MUST be long enough to hold the cmd_line plus a null terminator.
/// buffer will we free'd (using the allocator) on deinit()
buffer : [ ] u8 ,
start : usize = 0 ,
end : usize = 0 ,
pub const Self = @This ( ) ;
pub const InitError = error { OutOfMemory } ;
/// cmd_line_utf8 MUST remain valid and constant while using this instance
pub fn init ( allocator : Allocator , cmd_line_utf8 : [ ] const u8 ) InitError ! Self {
2023-11-10 05:27:17 +00:00
const buffer = try allocator . alloc ( u8 , cmd_line_utf8 . len + 1 ) ;
2022-01-30 11:27:52 -08:00
errdefer allocator . free ( buffer ) ;
return Self {
. allocator = allocator ,
. cmd_line = cmd_line_utf8 ,
. free_cmd_line_on_deinit = false ,
. buffer = buffer ,
} ;
}
2019-05-24 18:27:18 -04:00
2022-01-30 11:27:52 -08:00
/// cmd_line_utf8 will be free'd (with the allocator) on deinit()
pub fn initTakeOwnership ( allocator : Allocator , cmd_line_utf8 : [ ] const u8 ) InitError ! Self {
2023-11-10 05:27:17 +00:00
const buffer = try allocator . alloc ( u8 , cmd_line_utf8 . len + 1 ) ;
2022-01-30 11:27:52 -08:00
errdefer allocator . free ( buffer ) ;
return Self {
. allocator = allocator ,
. cmd_line = cmd_line_utf8 ,
. free_cmd_line_on_deinit = true ,
. buffer = buffer ,
} ;
}
2019-05-24 18:27:18 -04:00
2022-01-30 11:27:52 -08:00
// Skips over whitespace in the cmd_line.
// Returns false if the terminating sentinel is reached, true otherwise.
// Also skips over comments (if supported).
fn skipWhitespace ( self : * Self ) bool {
while ( true ) : ( self . index += 1 ) {
const character = if ( self . index != self . cmd_line . len ) self . cmd_line [ self . index ] else 0 ;
switch ( character ) {
0 = > return false ,
' ' , '\t' , '\r' , '\n' = > continue ,
'#' = > {
2022-02-04 19:55:32 +02:00
if ( options . comments ) {
2022-01-30 11:27:52 -08:00
while ( true ) : ( self . index += 1 ) {
switch ( self . cmd_line [ self . index ] ) {
'\n' = > break ,
0 = > return false ,
else = > continue ,
}
}
continue ;
} else {
break ;
}
} ,
else = > break ,
}
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
return true ;
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
pub fn skip ( self : * Self ) bool {
if ( ! self . skipWhitespace ( ) ) {
return false ;
}
2019-05-24 18:27:18 -04:00
2022-01-30 11:27:52 -08:00
var backslash_count : usize = 0 ;
var in_quote = false ;
while ( true ) : ( self . index += 1 ) {
const character = if ( self . index != self . cmd_line . len ) self . cmd_line [ self . index ] else 0 ;
switch ( character ) {
0 = > return true ,
2022-02-04 19:55:32 +02:00
'"' , '\'' = > {
if ( ! options . single_quotes and character == '\'' ) {
backslash_count = 0 ;
continue ;
}
2022-01-30 11:27:52 -08:00
const quote_is_real = backslash_count % 2 == 0 ;
if ( quote_is_real ) {
in_quote = ! in_quote ;
}
} ,
'\\' = > {
backslash_count += 1 ;
} ,
' ' , '\t' , '\r' , '\n' = > {
if ( ! in_quote ) {
return true ;
}
backslash_count = 0 ;
} ,
else = > {
backslash_count = 0 ;
continue ;
} ,
}
2019-05-24 18:27:18 -04:00
}
}
2022-01-30 11:27:52 -08:00
/// Returns a slice of the internal buffer that contains the next argument.
/// Returns null when it reaches the end.
pub fn next ( self : * Self ) ? [ : 0 ] const u8 {
if ( ! self . skipWhitespace ( ) ) {
return null ;
}
var backslash_count : usize = 0 ;
var in_quote = false ;
while ( true ) : ( self . index += 1 ) {
const character = if ( self . index != self . cmd_line . len ) self . cmd_line [ self . index ] else 0 ;
switch ( character ) {
0 = > {
self . emitBackslashes ( backslash_count ) ;
self . buffer [ self . end ] = 0 ;
2023-11-10 05:27:17 +00:00
const token = self . buffer [ self . start .. self . end : 0 ] ;
2022-01-30 11:27:52 -08:00
self . end += 1 ;
self . start = self . end ;
return token ;
} ,
2022-02-04 19:55:32 +02:00
'"' , '\'' = > {
if ( ! options . single_quotes and character == '\'' ) {
self . emitBackslashes ( backslash_count ) ;
backslash_count = 0 ;
self . emitCharacter ( character ) ;
continue ;
}
2022-01-30 11:27:52 -08:00
const quote_is_real = backslash_count % 2 == 0 ;
self . emitBackslashes ( backslash_count / 2 ) ;
backslash_count = 0 ;
if ( quote_is_real ) {
in_quote = ! in_quote ;
} else {
self . emitCharacter ( '"' ) ;
}
} ,
'\\' = > {
backslash_count += 1 ;
} ,
' ' , '\t' , '\r' , '\n' = > {
self . emitBackslashes ( backslash_count ) ;
backslash_count = 0 ;
if ( in_quote ) {
self . emitCharacter ( character ) ;
} else {
self . buffer [ self . end ] = 0 ;
2023-11-10 05:27:17 +00:00
const token = self . buffer [ self . start .. self . end : 0 ] ;
2022-01-30 11:27:52 -08:00
self . end += 1 ;
self . start = self . end ;
return token ;
}
} ,
else = > {
self . emitBackslashes ( backslash_count ) ;
backslash_count = 0 ;
self . emitCharacter ( character ) ;
} ,
}
2019-05-24 18:27:18 -04:00
}
}
2022-01-30 11:27:52 -08:00
fn emitBackslashes ( self : * Self , emit_count : usize ) void {
var i : usize = 0 ;
while ( i < emit_count ) : ( i += 1 ) {
self . emitCharacter ( '\\' ) ;
2019-05-24 18:27:18 -04:00
}
}
2022-01-30 11:27:52 -08:00
fn emitCharacter ( self : * Self , char : u8 ) void {
self . buffer [ self . end ] = char ;
self . end += 1 ;
}
2020-11-30 10:47:01 -08:00
2022-01-30 11:27:52 -08:00
/// Call to free the internal buffer of the iterator.
pub fn deinit ( self : * Self ) void {
self . allocator . free ( self . buffer ) ;
if ( self . free_cmd_line_on_deinit ) {
self . allocator . free ( self . cmd_line ) ;
}
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
} ;
}
2019-05-24 18:27:18 -04:00
2022-01-30 11:27:52 -08:00
/// Cross-platform command line argument iterator.
2019-05-24 18:27:18 -04:00
pub const ArgIterator = struct {
2024-03-18 22:39:59 -07:00
const InnerType = switch ( native_os ) {
2023-12-18 22:55:46 +01:00
. windows = > ArgIteratorWindows ,
2021-07-27 08:59:34 +09:00
. wasi = > if ( builtin . link_libc ) ArgIteratorPosix else ArgIteratorWasi ,
2020-05-20 19:42:15 +02:00
else = > ArgIteratorPosix ,
} ;
2019-05-24 18:27:18 -04:00
inner : InnerType ,
2022-01-30 11:27:52 -08:00
/// Initialize the args iterator. Consider using initWithAllocator() instead
/// for cross-platform compatibility.
2019-05-24 18:27:18 -04:00
pub fn init ( ) ArgIterator {
2024-03-18 22:39:59 -07:00
if ( native_os == . wasi ) {
2020-05-29 08:40:32 +02:00
@compileError ( " In WASI, use initWithAllocator instead. " ) ;
2019-05-24 18:27:18 -04:00
}
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2022-01-30 11:27:52 -08:00
@compileError ( " In Windows, use initWithAllocator instead. " ) ;
}
2019-05-24 18:27:18 -04:00
return ArgIterator { . inner = InnerType . init ( ) } ;
}
2023-12-18 22:55:46 +01:00
pub const InitError = InnerType . InitError ;
2020-05-20 19:42:15 +02:00
2020-05-29 08:40:32 +02:00
/// You must deinitialize iterator's internal buffers by calling `deinit` when done.
2022-11-10 14:00:55 -07:00
pub fn initWithAllocator ( allocator : Allocator ) InitError ! ArgIterator {
2024-03-18 22:39:59 -07:00
if ( native_os == . wasi and ! builtin . link_libc ) {
2020-05-29 08:40:32 +02:00
return ArgIterator { . inner = try InnerType . init ( allocator ) } ;
}
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2024-07-13 17:25:06 -07:00
const cmd_line = std . os . windows . peb ( ) . ProcessParameters . CommandLine ;
2024-07-13 17:29:18 -07:00
const cmd_line_w = cmd_line . Buffer .? [ 0 .. cmd_line . Length / 2 ] ;
return ArgIterator { . inner = try InnerType . init ( allocator , cmd_line_w ) } ;
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
return ArgIterator { . inner = InnerType . init ( ) } ;
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
/// Get the next argument. Returns 'null' if we are at the end.
/// Returned slice is pointing to the iterator's internal buffer.
2025-10-10 17:18:34 +00:00
/// On Windows, the result is encoded as [WTF-8](https://wtf-8.codeberg.page/).
2024-02-13 16:56:50 -08:00
/// On other platforms, the result is an opaque sequence of bytes with no particular encoding.
2022-01-30 11:27:52 -08:00
pub fn next ( self : * ArgIterator ) ? ( [ : 0 ] const u8 ) {
2020-05-20 19:42:15 +02:00
return self . inner . next ( ) ;
}
2019-05-24 18:27:18 -04:00
/// Parse past 1 argument without capturing it.
/// Returns `true` if skipped an arg, `false` if we are at the end.
pub fn skip ( self : * ArgIterator ) bool {
return self . inner . skip ( ) ;
}
2020-05-20 19:42:15 +02:00
2020-05-29 08:40:32 +02:00
/// Call this to free the iterator's internal buffer if the iterator
/// was created with `initWithAllocator` function.
pub fn deinit ( self : * ArgIterator ) void {
2022-01-30 11:27:52 -08:00
// Unless we're targeting WASI or Windows, this is a no-op.
2024-03-18 22:39:59 -07:00
if ( native_os == . wasi and ! builtin . link_libc ) {
2020-05-29 08:40:32 +02:00
self . inner . deinit ( ) ;
}
2022-01-30 11:27:52 -08:00
2024-03-18 22:39:59 -07:00
if ( native_os == . windows ) {
2022-01-30 11:27:52 -08:00
self . inner . deinit ( ) ;
}
2020-05-20 19:42:15 +02:00
}
2019-05-24 18:27:18 -04:00
} ;
2023-04-06 22:57:25 +02:00
/// Holds the command-line arguments, with the program name as the first entry.
/// Use argsWithAllocator() for cross-platform code.
2019-05-24 18:27:18 -04:00
pub fn args ( ) ArgIterator {
return ArgIterator . init ( ) ;
}
2020-05-29 08:40:32 +02:00
/// You must deinitialize iterator's internal buffers by calling `deinit` when done.
2022-11-10 14:00:55 -07:00
pub fn argsWithAllocator ( allocator : Allocator ) ArgIterator . InitError ! ArgIterator {
2020-05-29 08:40:32 +02:00
return ArgIterator . initWithAllocator ( allocator ) ;
}
2019-05-24 18:27:18 -04:00
/// Caller must call argsFree on result.
2025-10-10 17:18:34 +00:00
/// On Windows, the result is encoded as [WTF-8](https://wtf-8.codeberg.page/).
2024-02-13 16:56:50 -08:00
/// On other platforms, the result is an opaque sequence of bytes with no particular encoding.
2022-11-10 14:00:55 -07:00
pub fn argsAlloc ( allocator : Allocator ) ! [ ] [ : 0 ] u8 {
2019-05-24 18:27:18 -04:00
// TODO refactor to only make 1 allocation.
2022-01-30 11:27:52 -08:00
var it = try argsWithAllocator ( allocator ) ;
2020-05-29 08:40:32 +02:00
defer it . deinit ( ) ;
2020-05-20 19:42:15 +02:00
2025-07-31 21:54:07 -07:00
var contents = std . array_list . Managed ( u8 ) . init ( allocator ) ;
2019-05-24 18:27:18 -04:00
defer contents . deinit ( ) ;
2025-07-31 21:54:07 -07:00
var slice_list = std . array_list . Managed ( usize ) . init ( allocator ) ;
2019-05-24 18:27:18 -04:00
defer slice_list . deinit ( ) ;
2022-01-30 11:27:52 -08:00
while ( it . next ( ) ) | arg | {
2020-10-22 17:52:48 -04:00
try contents . appendSlice ( arg [ 0 .. arg . len + 1 ] ) ;
2019-05-24 18:27:18 -04:00
try slice_list . append ( arg . len ) ;
}
2020-11-06 18:54:08 +00:00
const contents_slice = contents . items ;
const slice_sizes = slice_list . items ;
2019-05-24 18:27:18 -04:00
const slice_list_bytes = try math . mul ( usize , @sizeOf ( [ ] u8 ) , slice_sizes . len ) ;
2022-01-28 10:40:03 +01:00
const total_bytes = try math . add ( usize , slice_list_bytes , contents_slice . len ) ;
2025-04-11 17:55:25 -07:00
const buf = try allocator . alignedAlloc ( u8 , . of ( [ ] u8 ) , total_bytes ) ;
2019-05-24 18:27:18 -04:00
errdefer allocator . free ( buf ) ;
2020-10-22 17:52:48 -04:00
const result_slice_list = mem . bytesAsSlice ( [ : 0 ] u8 , buf [ 0 .. slice_list_bytes ] ) ;
2019-05-24 18:27:18 -04:00
const result_contents = buf [ slice_list_bytes .. ] ;
2023-04-26 13:57:08 -07:00
@memcpy ( result_contents [ 0 .. contents_slice . len ] , contents_slice ) ;
2019-05-24 18:27:18 -04:00
var contents_index : usize = 0 ;
2023-02-18 09:02:57 -07:00
for ( slice_sizes , 0 .. ) | len , i | {
2019-05-24 18:27:18 -04:00
const new_index = contents_index + len ;
2020-10-22 17:52:48 -04:00
result_slice_list [ i ] = result_contents [ contents_index .. new_index : 0 ] ;
contents_index = new_index + 1 ;
2019-05-24 18:27:18 -04:00
}
return result_slice_list ;
}
2022-11-10 14:00:55 -07:00
pub fn argsFree ( allocator : Allocator , args_alloc : [ ] const [ : 0 ] u8 ) void {
2019-05-24 18:27:18 -04:00
var total_bytes : usize = 0 ;
for ( args_alloc ) | arg | {
2020-10-22 17:52:48 -04:00
total_bytes += @sizeOf ( [ ] u8 ) + arg . len + 1 ;
2019-05-24 18:27:18 -04:00
}
2023-06-22 18:46:56 +01:00
const unaligned_allocated_buf = @as ( [ * ] const u8 , @ptrCast ( args_alloc . ptr ) ) [ 0 .. total_bytes ] ;
const aligned_allocated_buf : [ ] align ( @alignOf ( [ ] u8 ) ) const u8 = @alignCast ( unaligned_allocated_buf ) ;
2019-05-24 18:27:18 -04:00
return allocator . free ( aligned_allocated_buf ) ;
}
2024-03-13 15:56:09 -07:00
test ArgIteratorWindows {
2023-12-18 22:55:46 +01:00
const t = testArgIteratorWindows ;
try t (
\\"C:\Program Files\zig\zig.exe" run .\src\main.zig -target x86_64-windows-gnu -O ReleaseSafe -- --emoji=🗿 --eval="new Regex(\"Dwayne \\\"The Rock\\\" Johnson\")"
, & . {
\\C:\Program Files\zig\zig.exe
,
\\run
,
\\.\src\main.zig
,
\\-target
,
\\x86_64-windows-gnu
,
\\-O
,
\\ReleaseSafe
,
\\--
,
\\--emoji=🗿
,
\\--eval=new Regex("Dwayne \"The Rock\" Johnson")
,
} ) ;
// Empty
try t ( " " , & . { } ) ;
// Separators
try t ( " aa bb cc " , & . { " aa " , " bb " , " cc " } ) ;
try t ( " aa \t bb \t cc " , & . { " aa " , " bb " , " cc " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " aa \n bb \n cc " , & . { " aa \n bb \n cc " } ) ;
try t ( " aa \r \n bb \r \n cc " , & . { " aa \r \n bb \r \n cc " } ) ;
try t ( " aa \r bb \r cc " , & . { " aa \r bb \r cc " } ) ;
try t ( " aa \x07 bb \x07 cc " , & . { " aa \x07 bb \x07 cc " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " aa \x7F bb \x7F cc " , & . { " aa \x7F bb \x7F cc " } ) ;
try t ( " aa🦎bb🦎cc " , & . { " aa🦎bb🦎cc " } ) ;
// Leading/trailing whitespace
try t ( " " , & . { " " } ) ;
try t ( " aa bb " , & . { " " , " aa " , " bb " } ) ;
try t ( " \t \t " , & . { " " } ) ;
try t ( " \t \t aa \t \t bb \t \t " , & . { " " , " aa " , " bb " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " \n \n " , & . { " \n \n " } ) ;
try t ( " \n \n aa \n \n bb \n \n " , & . { " \n \n aa \n \n bb \n \n " } ) ;
2023-12-18 22:55:46 +01:00
// Executable name with quotes/backslashes
try t ( " \" aa bb \t cc \n dd \" " , & . { " aa bb \t cc \n dd " } ) ;
try t ( " \" " , & . { " " } ) ;
try t ( " \" \" " , & . { " " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " \" \" \" " , & . { " " } ) ;
try t ( " \" \" \" \" " , & . { " " } ) ;
try t ( " \" \" \" \" \" " , & . { " " } ) ;
try t ( " aa \" bb \" cc \" dd " , & . { " aabbccdd " } ) ;
try t ( " aa \" bb cc \" dd " , & . { " aabb ccdd " } ) ;
try t ( " \" aa \\ \" bb \" " , & . { " aa \\ bb " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " \" aa \\ \\ \" " , & . { " aa \\ \\ " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " aa \\ \" bb " , & . { " aa \\ bb " } ) ;
try t ( " aa \\ \\ \" bb " , & . { " aa \\ \\ bb " } ) ;
2023-12-18 22:55:46 +01:00
// Arguments with quotes/backslashes
try t ( " . \" aa bb \t cc \n dd \" " , & . { " . " , " aa bb \t cc \n dd " } ) ;
try t ( " . aa \" \" bb \" \t \" cc \" \n \" dd \" " , & . { " . " , " aa bb \t cc \n dd " } ) ;
try t ( " . " , & . { " . " } ) ;
try t ( " . \" " , & . { " . " , " " } ) ;
try t ( " . \" \" " , & . { " . " , " " } ) ;
try t ( " . \" \" \" " , & . { " . " , " \" " } ) ;
try t ( " . \" \" \" \" " , & . { " . " , " \" " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " . \" \" \" \" \" " , & . { " . " , " \" \" " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " . \" \" \" \" \" \" " , & . { " . " , " \" \" " } ) ;
try t ( " . \" \" " , & . { " . " , " " } ) ;
try t ( " . \" \" \" " , & . { " . " , " \" " } ) ;
try t ( " . \" \" \" \" " , & . { " . " , " \" " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " . \" \" \" \" \" " , & . { " . " , " \" \" " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " . \" \" \" \" \" \" " , & . { " . " , " \" \" " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " . \" \" \" \" \" \" \" " , & . { " . " , " \" \" \" " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " . \\ \" " , & . { " . " , " \" " } ) ;
try t ( " . \\ \" \" " , & . { " . " , " \" " } ) ;
try t ( " . \\ \" \" \" " , & . { " . " , " \" " } ) ;
try t ( " . \\ \" \" \" \" " , & . { " . " , " \" \" " } ) ;
try t ( " . \\ \" \" \" \" \" " , & . { " . " , " \" \" " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " . \\ \" \" \" \" \" \" " , & . { " . " , " \" \" \" " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " . \" \\ \" " , & . { " . " , " \" " } ) ;
try t ( " . \" \\ \" \" " , & . { " . " , " \" " } ) ;
try t ( " . \" \\ \" \" \" " , & . { " . " , " \" \" " } ) ;
try t ( " . \" \\ \" \" \" \" " , & . { " . " , " \" \" " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
try t ( " . \" \\ \" \" \" \" \" " , & . { " . " , " \" \" \" " } ) ;
2023-12-18 22:55:46 +01:00
try t ( " . \" \\ \" \" \" \" \" \" " , & . { " . " , " \" \" \" " } ) ;
try t ( " . aa \\ bb \\ \\ cc \\ \\ \\ dd " , & . { " . " , " aa \\ bb \\ \\ cc \\ \\ \\ dd " } ) ;
try t ( " . \\ \\ \\ \" aa bb \" " , & . { " . " , " \\ \" aa " , " bb " } ) ;
try t ( " . \\ \\ \\ \\ \" aa bb \" " , & . { " . " , " \\ \\ aa bb " } ) ;
ArgIteratorWindows: Match post-2008 C runtime rather than CommandLineToArgvW
On Windows, the command line arguments of a program are a single WTF-16 encoded string and it's up to the program to split it into an array of strings. In C/C++, the entry point of the C runtime takes care of splitting the command line and passing argc/argv to the main function.
https://github.com/ziglang/zig/pull/18309 updated ArgIteratorWindows to match the behavior of CommandLineToArgvW, but it turns out that CommandLineToArgvW's behavior does not match the behavior of the C runtime post-2008. In 2008, the C runtime argv splitting changed how it handles consecutive double quotes within a quoted argument (it's now considered an escaped quote, e.g. `"foo""bar"` post-2008 would get parsed into `foo"bar`), and the rules around argv[0] were also changed.
This commit makes ArgIteratorWindows match the behavior of the post-2008 C runtime, and adds a standalone test that verifies the behavior matches both the MSVC and MinGW argv splitting exactly in all cases (it checks that randomly generated command line strings get split the same way).
The motivation here is roughly the same as when the same change was made in Rust (https://github.com/rust-lang/rust/pull/87580), that is (paraphrased):
- Consistent behavior between Zig and modern C/C++ programs
- Allows users to escape double quotes in a way that can be more straightforward
Additionally, the suggested mitigation for BatBadBut (https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) relies on the post-2008 argv splitting behavior for roundtripping of the arguments given to `cmd.exe`. Note: it's not necessary for the suggested mitigation to work, but it is necessary for the suggested escaping to be parsed back into the intended argv by ArgIteratorWindows after being run through a `.bat` file.
2024-04-15 02:09:19 -07:00
// From https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args#results-of-parsing-command-lines
try t (
\\foo.exe "abc" d e
, & . { " foo.exe " , " abc " , " d " , " e " } ) ;
try t (
\\foo.exe a\\b d"e f"g h
, & . { " foo.exe " , " a \\ \\ b " , " de fg " , " h " } ) ;
try t (
\\foo.exe a\\\"b c d
, & . { " foo.exe " , " a \\ \" b " , " c " , " d " } ) ;
try t (
\\foo.exe a\\\\"b c" d e
, & . { " foo.exe " , " a \\ \\ b c " , " d " , " e " } ) ;
try t (
\\foo.exe a"b"" c d
, & . { " foo.exe " , " ab \" c d " } ) ;
// From https://daviddeley.com/autohotkey/parameters/parameters.htm#WINCRULESEX
try t ( " foo.exe CallMeIshmael " , & . { " foo.exe " , " CallMeIshmael " } ) ;
try t ( " foo.exe \" Call Me Ishmael \" " , & . { " foo.exe " , " Call Me Ishmael " } ) ;
try t ( " foo.exe Cal \" l Me I \" shmael " , & . { " foo.exe " , " Call Me Ishmael " } ) ;
try t ( " foo.exe CallMe \\ \" Ishmael " , & . { " foo.exe " , " CallMe \" Ishmael " } ) ;
try t ( " foo.exe \" CallMe \\ \" Ishmael \" " , & . { " foo.exe " , " CallMe \" Ishmael " } ) ;
try t ( " foo.exe \" Call Me Ishmael \\ \\ \" " , & . { " foo.exe " , " Call Me Ishmael \\ " } ) ;
try t ( " foo.exe \" CallMe \\ \\ \\ \" Ishmael \" " , & . { " foo.exe " , " CallMe \\ \" Ishmael " } ) ;
try t ( " foo.exe a \\ \\ \\ b " , & . { " foo.exe " , " a \\ \\ \\ b " } ) ;
try t ( " foo.exe \" a \\ \\ \\ b \" " , & . { " foo.exe " , " a \\ \\ \\ b " } ) ;
// Surrogate pair encoding of 𐐷 separated by quotes.
// Encoded as WTF-16:
// "<0xD801>"<0xDC37>
// Encoded as WTF-8:
// "<0xED><0xA0><0x81>"<0xED><0xB0><0xB7>
// During parsing, the quotes drop out and the surrogate pair
// should end up encoded as its normal UTF-8 representation.
try t ( " foo.exe \" \xed \xa0 \x81 \" \xed \xb0 \xb7 " , & . { " foo.exe " , " 𐐷 " } ) ;
2023-12-18 22:55:46 +01:00
}
fn testArgIteratorWindows ( cmd_line : [ ] const u8 , expected_args : [ ] const [ ] const u8 ) ! void {
2024-05-23 11:25:41 -07:00
const cmd_line_w = try unicode . wtf8ToWtf16LeAllocZ ( testing . allocator , cmd_line ) ;
2023-12-18 22:55:46 +01:00
defer testing . allocator . free ( cmd_line_w ) ;
// next
{
var it = try ArgIteratorWindows . init ( testing . allocator , cmd_line_w ) ;
defer it . deinit ( ) ;
for ( expected_args ) | expected | {
if ( it . next ( ) ) | actual | {
try testing . expectEqualStrings ( expected , actual ) ;
} else {
return error . TestUnexpectedResult ;
}
}
try testing . expect ( it . next ( ) == null ) ;
}
// skip
{
var it = try ArgIteratorWindows . init ( testing . allocator , cmd_line_w ) ;
defer it . deinit ( ) ;
for ( 0 .. expected_args . len ) | _ | {
try testing . expect ( it . skip ( ) ) ;
}
try testing . expect ( ! it . skip ( ) ) ;
}
}
2022-01-30 11:27:52 -08:00
test " general arg parsing " {
2022-02-04 19:55:32 +02:00
try testGeneralCmdLine ( " a b \t c d " , & . { " a " , " b " , " c " , " d " } ) ;
try testGeneralCmdLine ( " \" abc \" d e " , & . { " abc " , " d " , " e " } ) ;
try testGeneralCmdLine ( " a \\ \\ \\ b d \" e f \" g h " , & . { " a \\ \\ \\ b " , " de fg " , " h " } ) ;
try testGeneralCmdLine ( " a \\ \\ \\ \" b c d " , & . { " a \\ \" b " , " c " , " d " } ) ;
try testGeneralCmdLine ( " a \\ \\ \\ \\ \" b c \" d e " , & . { " a \\ \\ b c " , " d " , " e " } ) ;
try testGeneralCmdLine ( " a b \t c \" d f " , & . { " a " , " b " , " c " , " d f " } ) ;
try testGeneralCmdLine ( " j k l \\ " , & . { " j " , " k " , " l \\ " } ) ;
try testGeneralCmdLine ( " \" \" x y z \\ \\ " , & . { " " , " x " , " y " , " z \\ \\ " } ) ;
try testGeneralCmdLine ( " \" . \\ .. \\ zig-cache \\ build \" \" bin \\ zig.exe \" \" . \\ .. \" \" . \\ .. \\ zig-cache \" \" --help \" " , & . {
2019-05-24 18:27:18 -04:00
" . \\ .. \\ zig-cache \\ build " ,
" bin \\ zig.exe " ,
" . \\ .. " ,
" . \\ .. \\ zig-cache " ,
" --help " ,
} ) ;
2022-02-04 19:55:32 +02:00
try testGeneralCmdLine (
\\ 'foo' "bar"
, & . { " 'foo' " , " bar " } ) ;
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
fn testGeneralCmdLine ( input_cmd_line : [ ] const u8 , expected_args : [ ] const [ ] const u8 ) ! void {
2022-02-04 19:55:32 +02:00
var it = try ArgIteratorGeneral ( . { } ) . init ( std . testing . allocator , input_cmd_line ) ;
2022-01-30 11:27:52 -08:00
defer it . deinit ( ) ;
for ( expected_args ) | expected_arg | {
const arg = it . next ( ) .? ;
try testing . expectEqualStrings ( expected_arg , arg ) ;
}
try testing . expect ( it . next ( ) == null ) ;
}
test " response file arg parsing " {
try testResponseFileCmdLine (
\\a b
\\c d\
2022-02-04 19:55:32 +02:00
, & . { " a " , " b " , " c " , " d \\ " } ) ;
try testResponseFileCmdLine ( " a b c d \\ " , & . { " a " , " b " , " c " , " d \\ " } ) ;
2022-01-30 11:27:52 -08:00
try testResponseFileCmdLine (
\\j
\\ k l # this is a comment \\ \\\ \\\\ "none" "\\" "\\\"
\\ "m" #another comment
\\
2022-02-04 19:55:32 +02:00
, & . { " j " , " k " , " l " , " m " } ) ;
2022-01-30 11:27:52 -08:00
try testResponseFileCmdLine (
\\ "" q ""
\\ "r s # t" "u\" v" #another comment
\\
2022-02-04 19:55:32 +02:00
, & . { " " , " q " , " " , " r s # t " , " u \" v " } ) ;
2022-01-30 11:27:52 -08:00
try testResponseFileCmdLine (
\\ -l"advapi32" a# b#c d#
\\e\\\
2022-02-04 19:55:32 +02:00
, & . { " -ladvapi32 " , " a# " , " b#c " , " d# " , " e \\ \\ \\ " } ) ;
try testResponseFileCmdLine (
\\ 'foo' "bar"
, & . { " foo " , " bar " } ) ;
2022-01-30 11:27:52 -08:00
}
fn testResponseFileCmdLine ( input_cmd_line : [ ] const u8 , expected_args : [ ] const [ ] const u8 ) ! void {
2022-02-04 19:55:32 +02:00
var it = try ArgIteratorGeneral ( . { . comments = true , . single_quotes = true } )
2022-01-30 11:27:52 -08:00
. init ( std . testing . allocator , input_cmd_line ) ;
defer it . deinit ( ) ;
2019-05-24 18:27:18 -04:00
for ( expected_args ) | expected_arg | {
2022-01-30 11:27:52 -08:00
const arg = it . next ( ) .? ;
2021-05-04 20:47:26 +03:00
try testing . expectEqualStrings ( expected_arg , arg ) ;
2019-05-24 18:27:18 -04:00
}
2022-01-30 11:27:52 -08:00
try testing . expect ( it . next ( ) == null ) ;
2019-05-24 18:27:18 -04:00
}
pub const UserInfo = struct {
2024-03-18 22:39:59 -07:00
uid : posix . uid_t ,
gid : posix . gid_t ,
2019-05-24 18:27:18 -04:00
} ;
/// POSIX function which gets a uid from username.
pub fn getUserInfo ( name : [ ] const u8 ) ! UserInfo {
2024-03-18 22:39:59 -07:00
return switch ( native_os ) {
2023-10-01 23:09:14 +11:00
. linux ,
2025-11-13 18:05:46 +01:00
. driverkit ,
. ios ,
. maccatalyst ,
2023-10-01 23:09:14 +11:00
. macos ,
. tvos ,
2025-11-13 18:05:46 +01:00
. visionos ,
. watchos ,
2023-10-01 23:09:14 +11:00
. freebsd ,
. netbsd ,
. openbsd ,
. haiku ,
. illumos ,
2025-03-10 22:48:21 +00:00
. serenity ,
2023-10-01 23:09:14 +11:00
= > posixGetUserInfo ( name ) ,
2019-05-24 18:27:18 -04:00
else = > @compileError ( " Unsupported OS " ) ,
} ;
}
/// TODO this reads /etc/passwd. But sometimes the user/id mapping is in something else
/// like NIS, AD, etc. See `man nss` or look at an strace for `id myuser`.
pub fn posixGetUserInfo ( name : [ ] const u8 ) ! UserInfo {
2020-09-10 13:36:34 +02:00
const file = try std . fs . openFileAbsolute ( " /etc/passwd " , . { } ) ;
defer file . close ( ) ;
2025-08-27 21:20:18 -07:00
var buffer : [ 4096 ] u8 = undefined ;
var file_reader = file . reader ( & buffer ) ;
return posixGetUserInfoPasswdStream ( name , & file_reader . interface ) catch | err | switch ( err ) {
error . ReadFailed = > return file_reader . err .? ,
error . EndOfStream = > return error . UserNotFound ,
error . CorruptPasswordFile = > return error . CorruptPasswordFile ,
} ;
}
2020-09-10 13:36:34 +02:00
2025-08-27 21:20:18 -07:00
fn posixGetUserInfoPasswdStream ( name : [ ] const u8 , reader : * std . Io . Reader ) ! UserInfo {
2019-05-24 18:27:18 -04:00
const State = enum {
2025-08-27 21:20:18 -07:00
start ,
wait_for_next_line ,
skip_password ,
read_user_id ,
read_group_id ,
2019-05-24 18:27:18 -04:00
} ;
var name_index : usize = 0 ;
2024-03-18 22:39:59 -07:00
var uid : posix . uid_t = 0 ;
var gid : posix . gid_t = 0 ;
2019-05-24 18:27:18 -04:00
2025-08-27 21:20:18 -07:00
sw : switch ( State . start ) {
. start = > switch ( try reader . takeByte ( ) ) {
':' = > {
if ( name_index == name . len ) {
continue : sw . skip_password ;
} else {
continue : sw . wait_for_next_line ;
}
} ,
'\n' = > return error . CorruptPasswordFile ,
else = > | byte | {
if ( name_index == name . len or name [ name_index ] != byte ) {
continue : sw . wait_for_next_line ;
}
name_index += 1 ;
continue : sw . start ;
} ,
} ,
. wait_for_next_line = > switch ( try reader . takeByte ( ) ) {
'\n' = > {
name_index = 0 ;
continue : sw . start ;
} ,
else = > continue : sw . wait_for_next_line ,
} ,
. skip_password = > switch ( try reader . takeByte ( ) ) {
'\n' = > return error . CorruptPasswordFile ,
':' = > {
continue : sw . read_user_id ;
} ,
else = > continue : sw . skip_password ,
} ,
. read_user_id = > switch ( try reader . takeByte ( ) ) {
':' = > {
continue : sw . read_group_id ;
} ,
'\n' = > return error . CorruptPasswordFile ,
else = > | byte | {
const digit = switch ( byte ) {
'0' .. . '9' = > byte - '0' ,
else = > return error . CorruptPasswordFile ,
} ;
{
const ov = @mulWithOverflow ( uid , 10 ) ;
if ( ov [ 1 ] != 0 ) return error . CorruptPasswordFile ;
uid = ov [ 0 ] ;
}
{
const ov = @addWithOverflow ( uid , digit ) ;
if ( ov [ 1 ] != 0 ) return error . CorruptPasswordFile ;
uid = ov [ 0 ] ;
}
continue : sw . read_user_id ;
} ,
} ,
. read_group_id = > switch ( try reader . takeByte ( ) ) {
'\n' , ':' = > return . {
. uid = uid ,
. gid = gid ,
} ,
else = > | byte | {
const digit = switch ( byte ) {
'0' .. . '9' = > byte - '0' ,
else = > return error . CorruptPasswordFile ,
} ;
{
const ov = @mulWithOverflow ( gid , 10 ) ;
if ( ov [ 1 ] != 0 ) return error . CorruptPasswordFile ;
gid = ov [ 0 ] ;
}
{
const ov = @addWithOverflow ( gid , digit ) ;
if ( ov [ 1 ] != 0 ) return error . CorruptPasswordFile ;
gid = ov [ 0 ] ;
}
continue : sw . read_group_id ;
} ,
} ,
2019-05-24 18:27:18 -04:00
}
2025-08-27 21:20:18 -07:00
comptime unreachable ;
2019-05-24 18:27:18 -04:00
}
2019-05-26 13:17:34 -04:00
pub fn getBaseAddress ( ) usize {
2024-03-18 22:39:59 -07:00
switch ( native_os ) {
2019-05-26 13:17:34 -04:00
. linux = > {
2025-11-08 23:03:10 -05:00
const phdrs = std . posix . getSelfPhdrs ( ) ;
var base : usize = 0 ;
for ( phdrs ) | phdr | switch ( phdr . type ) {
. LOAD = > return base + phdr . vaddr ,
. PHDR = > base = @intFromPtr ( phdrs . ptr ) - phdr . vaddr ,
else = > { } ,
} else unreachable ;
2019-05-26 13:17:34 -04:00
} ,
2025-11-13 18:05:46 +01:00
. driverkit , . ios , . maccatalyst , . macos , . tvos , . visionos , . watchos = > {
2023-06-15 13:14:16 +06:00
return @intFromPtr ( & std . c . _mh_execute_header ) ;
2019-05-26 13:17:34 -04:00
} ,
2024-03-18 22:39:59 -07:00
. windows = > return @intFromPtr ( windows . kernel32 . GetModuleHandleW ( null ) ) ,
2019-05-26 13:17:34 -04:00
else = > @compileError ( " Unsupported OS " ) ,
}
}
2020-02-17 15:23:59 -05:00
2020-12-26 13:50:26 -07:00
/// Tells whether calling the `execv` or `execve` functions will be a compile error.
2024-03-18 22:39:59 -07:00
pub const can_execv = switch ( native_os ) {
2022-02-03 15:27:01 -07:00
. windows , . haiku , . wasi = > false ,
else = > true ,
} ;
2024-05-02 20:20:41 -07:00
/// Tells whether spawning child processes is supported (e.g. via Child)
2024-03-18 22:39:59 -07:00
pub const can_spawn = switch ( native_os ) {
2025-11-13 18:05:46 +01:00
. wasi , . ios , . tvos , . visionos , . watchos = > false ,
2021-05-22 00:56:30 -05:00
else = > true ,
} ;
2020-12-26 13:50:26 -07:00
2024-03-18 22:39:59 -07:00
pub const ExecvError = std . posix . ExecveError || error { OutOfMemory } ;
2020-12-26 13:50:26 -07:00
/// Replaces the current process image with the executed process.
/// This function must allocate memory to add a null terminating bytes on path and each arg.
/// It must also convert to KEY=VALUE\0 format for environment variables, and include null
/// pointers after the args and after the environment variables.
/// `argv[0]` is the executable path.
/// This function also uses the PATH environment variable to get the full path to the executable.
/// Due to the heap-allocation, it is illegal to call this function in a fork() child.
2024-03-18 22:39:59 -07:00
/// For that use case, use the `std.posix` functions directly.
2022-11-10 14:00:55 -07:00
pub fn execv ( allocator : Allocator , argv : [ ] const [ ] const u8 ) ExecvError {
2020-12-26 13:50:26 -07:00
return execve ( allocator , argv , null ) ;
}
/// Replaces the current process image with the executed process.
/// This function must allocate memory to add a null terminating bytes on path and each arg.
/// It must also convert to KEY=VALUE\0 format for environment variables, and include null
/// pointers after the args and after the environment variables.
/// `argv[0]` is the executable path.
/// This function also uses the PATH environment variable to get the full path to the executable.
/// Due to the heap-allocation, it is illegal to call this function in a fork() child.
2024-03-18 22:39:59 -07:00
/// For that use case, use the `std.posix` functions directly.
2020-12-26 13:50:26 -07:00
pub fn execve (
2022-11-10 14:00:55 -07:00
allocator : Allocator ,
2020-12-26 13:50:26 -07:00
argv : [ ] const [ ] const u8 ,
2022-02-06 23:52:08 -07:00
env_map : ? * const EnvMap ,
2020-12-26 13:50:26 -07:00
) ExecvError {
if ( ! can_execv ) @compileError ( " The target OS does not support execv " ) ;
var arena_allocator = std . heap . ArenaAllocator . init ( allocator ) ;
defer arena_allocator . deinit ( ) ;
2021-10-29 02:08:41 +01:00
const arena = arena_allocator . allocator ( ) ;
2020-12-26 13:50:26 -07:00
2023-06-01 21:03:33 -04:00
const argv_buf = try arena . allocSentinel ( ? [ * : 0 ] const u8 , argv . len , null ) ;
2023-02-18 09:02:57 -07:00
for ( argv , 0 .. ) | arg , i | argv_buf [ i ] = ( try arena . dupeZ ( u8 , arg ) ) . ptr ;
2020-12-26 13:50:26 -07:00
const envp = m : {
if ( env_map ) | m | {
2024-05-23 11:25:41 -07:00
const envp_buf = try createNullDelimitedEnvMap ( arena , m ) ;
2020-12-26 13:50:26 -07:00
break : m envp_buf . ptr ;
2021-10-04 23:47:27 -07:00
} else if ( builtin . link_libc ) {
2020-12-26 13:50:26 -07:00
break : m std . c . environ ;
2021-10-04 23:47:27 -07:00
} else if ( builtin . output_mode == . Exe ) {
2020-12-26 13:50:26 -07:00
// Then we have Zig start code and this works.
// TODO type-safety for null-termination of `os.environ`.
2024-03-18 22:39:59 -07:00
break : m @as ( [ * : null ] const ? [ * : 0 ] const u8 , @ptrCast ( std . os . environ . ptr ) ) ;
2020-12-26 13:50:26 -07:00
} else {
// TODO come up with a solution for this.
@compileError ( " missing std lib enhancement: std.process.execv implementation has no way to collect the environment variables to forward to the child process " ) ;
}
} ;
2024-03-18 22:39:59 -07:00
return posix . execvpeZ_expandArg0 ( . no_expand , argv_buf . ptr [ 0 ] .? , argv_buf . ptr , envp ) ;
2020-12-26 13:50:26 -07:00
}
2023-03-06 00:19:32 -07:00
pub const TotalSystemMemoryError = error {
UnknownTotalSystemMemory ,
} ;
2024-01-21 22:16:22 -08:00
/// Returns the total system memory, in bytes as a u64.
/// We return a u64 instead of usize due to PAE on ARM
/// and Linux's /proc/meminfo reporting more memory when
/// using QEMU user mode emulation.
pub fn totalSystemMemory ( ) TotalSystemMemoryError ! u64 {
2024-03-18 22:39:59 -07:00
switch ( native_os ) {
2023-03-06 00:19:32 -07:00
. linux = > {
2025-04-11 13:28:22 -04:00
var info : std . os . linux . Sysinfo = undefined ;
const result : usize = std . os . linux . sysinfo ( & info ) ;
2025-11-14 23:16:55 +01:00
if ( std . os . linux . errno ( result ) != . SUCCESS ) {
2025-04-11 13:28:22 -04:00
return error . UnknownTotalSystemMemory ;
}
2025-08-27 22:16:21 -07:00
// Promote to u64 to avoid overflow on systems where info.totalram is a 32-bit usize
return @as ( u64 , info . totalram ) * info . mem_unit ;
2023-03-06 00:19:32 -07:00
} ,
2023-07-31 11:20:21 -07:00
. freebsd = > {
2023-04-21 23:23:14 +01:00
var physmem : c_ulong = undefined ;
var len : usize = @sizeOf ( c_ulong ) ;
2024-03-18 22:39:59 -07:00
posix . sysctlbynameZ ( " hw.physmem " , & physmem , & len , null , 0 ) catch | err | switch ( err ) {
2025-08-21 11:36:57 +01:00
error . UnknownName = > unreachable ,
2023-07-31 22:10:42 -07:00
else = > return error . UnknownTotalSystemMemory ,
2023-04-21 23:23:14 +01:00
} ;
2025-08-25 20:25:53 +01:00
return @as ( u64 , @intCast ( physmem ) ) ;
} ,
// whole Darwin family
2025-11-13 18:05:46 +01:00
. driverkit , . ios , . maccatalyst , . macos , . tvos , . visionos , . watchos = > {
2025-08-25 20:25:53 +01:00
// "hw.memsize" returns uint64_t
var physmem : u64 = undefined ;
var len : usize = @sizeOf ( u64 ) ;
posix . sysctlbynameZ ( " hw.memsize " , & physmem , & len , null , 0 ) catch | err | switch ( err ) {
error . PermissionDenied = > unreachable , // only when setting values,
error . SystemResources = > unreachable , // memory already on the stack
error . UnknownName = > unreachable , // constant, known good value
else = > return error . UnknownTotalSystemMemory ,
} ;
return physmem ;
2023-04-21 23:23:14 +01:00
} ,
2023-06-15 14:48:20 -04:00
. openbsd = > {
const mib : [ 2 ] c_int = [ _ ] c_int {
2024-03-18 22:39:59 -07:00
posix . CTL . HW ,
posix . HW . PHYSMEM64 ,
2023-06-15 14:48:20 -04:00
} ;
var physmem : i64 = undefined ;
var len : usize = @sizeOf ( @TypeOf ( physmem ) ) ;
2024-03-18 22:39:59 -07:00
posix . sysctl ( & mib , & physmem , & len , null , 0 ) catch | err | switch ( err ) {
2023-06-15 14:48:20 -04:00
error . NameTooLong = > unreachable , // constant, known good value
error . PermissionDenied = > unreachable , // only when setting values,
error . SystemResources = > unreachable , // memory already on the stack
error . UnknownName = > unreachable , // constant, known good value
else = > return error . UnknownTotalSystemMemory ,
} ;
assert ( physmem >= 0 ) ;
2024-01-21 22:16:22 -08:00
return @as ( u64 , @bitCast ( physmem ) ) ;
2023-06-15 14:48:20 -04:00
} ,
2023-03-06 00:19:32 -07:00
. windows = > {
2024-03-18 22:39:59 -07:00
var sbi : windows . SYSTEM_BASIC_INFORMATION = undefined ;
const rc = windows . ntdll . NtQuerySystemInformation (
2023-04-12 18:22:07 -05:00
. SystemBasicInformation ,
& sbi ,
2024-03-18 22:39:59 -07:00
@sizeOf ( windows . SYSTEM_BASIC_INFORMATION ) ,
2023-04-12 18:22:07 -05:00
null ,
) ;
if ( rc != . SUCCESS ) {
2023-04-04 18:08:02 +02:00
return error . UnknownTotalSystemMemory ;
2023-04-12 18:22:07 -05:00
}
2024-01-21 22:16:22 -08:00
return @as ( u64 , sbi . NumberOfPhysicalPages ) * sbi . PageSize ;
2023-03-06 00:19:32 -07:00
} ,
else = > return error . UnknownTotalSystemMemory ,
}
}
2023-03-12 00:34:11 -07:00
/// Indicate that we are now terminating with a successful exit code.
/// In debug builds, this is a no-op, so that the calling code's
/// cleanup mechanisms are tested and so that external tools that
/// check for resource leaks can be accurate. In release builds, this
/// calls exit(0), and does not return.
pub fn cleanExit ( ) void {
if ( builtin . mode == . Debug ) {
return ;
} else {
2024-05-27 10:49:26 -07:00
std . debug . lockStdErr ( ) ;
2023-03-12 00:34:11 -07:00
exit ( 0 ) ;
}
}
2024-05-03 18:10:33 -07:00
/// Raise the open file descriptor limit.
///
/// On some systems, this raises the limit before seeing ProcessFdQuotaExceeded
/// errors. On other systems, this does nothing.
pub fn raiseFileDescriptorLimit ( ) void {
2024-07-18 23:35:19 -07:00
const have_rlimit = posix . rlimit_resource != void ;
2024-05-03 18:10:33 -07:00
if ( ! have_rlimit ) return ;
var lim = posix . getrlimit ( . NOFILE ) catch return ; // Oh well; we tried.
if ( native_os . isDarwin ( ) ) {
// On Darwin, `NOFILE` is bounded by a hardcoded value `OPEN_MAX`.
// According to the man pages for setrlimit():
// setrlimit() now returns with errno set to EINVAL in places that historically succeeded.
// It no longer accepts "rlim_cur = RLIM.INFINITY" for RLIM.NOFILE.
// Use "rlim_cur = min(OPEN_MAX, rlim_max)".
lim . max = @min ( std . c . OPEN_MAX , lim . max ) ;
}
if ( lim . cur == lim . max ) return ;
// Do a binary search for the limit.
var min : posix . rlim_t = lim . cur ;
var max : posix . rlim_t = 1 << 20 ;
// But if there's a defined upper bound, don't search, just set it.
if ( lim . max != posix . RLIM . INFINITY ) {
min = lim . max ;
max = lim . max ;
}
while ( true ) {
lim . cur = min + @divTrunc ( max - min , 2 ) ; // on freebsd rlim_t is signed
if ( posix . setrlimit ( . NOFILE , lim ) ) | _ | {
min = lim . cur ;
} else | _ | {
max = lim . cur ;
}
if ( min + 1 >= max ) break ;
}
}
test raiseFileDescriptorLimit {
raiseFileDescriptorLimit ( ) ;
}
2024-05-23 11:25:41 -07:00
2024-05-23 14:10:03 -07:00
pub const CreateEnvironOptions = struct {
2024-05-23 20:22:58 -07:00
/// `null` means to leave the `ZIG_PROGRESS` environment variable unmodified.
/// If non-null, negative means to remove the environment variable, and >= 0
/// means to provide it with the given integer.
zig_progress_fd : ? i32 = null ,
2024-05-23 14:10:03 -07:00
} ;
2024-07-10 00:25:42 +03:00
/// Creates a null-delimited environment variable block in the format
2024-05-23 20:22:58 -07:00
/// expected by POSIX, from a hash map plus options.
pub fn createEnvironFromMap (
arena : Allocator ,
map : * const EnvMap ,
options : CreateEnvironOptions ,
) Allocator . Error ! [ : null ] ? [ * : 0 ] u8 {
const ZigProgressAction = enum { nothing , edit , delete , add } ;
const zig_progress_action : ZigProgressAction = a : {
const fd = options . zig_progress_fd orelse break : a . nothing ;
const contains = map . get ( " ZIG_PROGRESS " ) != null ;
if ( fd >= 0 ) {
break : a if ( contains ) . edit else . add ;
} else {
if ( contains ) break : a . delete ;
2024-05-23 14:10:03 -07:00
}
2024-05-23 20:22:58 -07:00
break : a . nothing ;
2024-05-23 14:10:03 -07:00
} ;
2024-05-23 20:22:58 -07:00
2024-05-26 12:08:15 -07:00
const envp_count : usize = c : {
var count : usize = map . count ( ) ;
switch ( zig_progress_action ) {
. add = > count += 1 ,
. delete = > count -= 1 ,
. nothing , . edit = > { } ,
}
break : c count ;
} ;
2024-05-23 20:22:58 -07:00
2024-05-23 11:25:41 -07:00
const envp_buf = try arena . allocSentinel ( ? [ * : 0 ] u8 , envp_count , null ) ;
2024-05-23 14:10:03 -07:00
var i : usize = 0 ;
2024-05-23 20:22:58 -07:00
if ( zig_progress_action == . add ) {
2025-06-27 20:05:22 -07:00
envp_buf [ i ] = try std . fmt . allocPrintSentinel ( arena , " ZIG_PROGRESS={d} " , . { options . zig_progress_fd .? } , 0 ) ;
2024-05-23 20:22:58 -07:00
i += 1 ;
2024-05-23 14:10:03 -07:00
}
2024-05-23 20:22:58 -07:00
{
var it = map . iterator ( ) ;
while ( it . next ( ) ) | pair | {
if ( mem . eql ( u8 , pair . key_ptr .* , " ZIG_PROGRESS " ) ) switch ( zig_progress_action ) {
. add = > unreachable ,
. delete = > continue ,
. edit = > {
2025-06-27 20:05:22 -07:00
envp_buf [ i ] = try std . fmt . allocPrintSentinel ( arena , " {s}={d} " , . {
2024-05-23 20:22:58 -07:00
pair . key_ptr .* , options . zig_progress_fd .? ,
2025-06-27 20:05:22 -07:00
} , 0 ) ;
2024-05-23 20:22:58 -07:00
i += 1 ;
continue ;
} ,
. nothing = > { } ,
} ;
2024-05-23 14:10:03 -07:00
2025-06-27 20:05:22 -07:00
envp_buf [ i ] = try std . fmt . allocPrintSentinel ( arena , " {s}={s} " , . { pair . key_ptr .* , pair . value_ptr .* } , 0 ) ;
2024-05-23 20:22:58 -07:00
i += 1 ;
2024-05-23 11:25:41 -07:00
}
}
2024-05-23 14:10:03 -07:00
assert ( i == envp_count ) ;
2024-05-23 11:25:41 -07:00
return envp_buf ;
}
2024-07-10 00:25:42 +03:00
/// Creates a null-delimited environment variable block in the format
2024-05-23 20:22:58 -07:00
/// expected by POSIX, from a hash map plus options.
pub fn createEnvironFromExisting (
arena : Allocator ,
existing : [ * : null ] const ? [ * : 0 ] const u8 ,
options : CreateEnvironOptions ,
) Allocator . Error ! [ : null ] ? [ * : 0 ] u8 {
const existing_count , const contains_zig_progress = c : {
var count : usize = 0 ;
var contains = false ;
while ( existing [ count ] ) | line | : ( count += 1 ) {
contains = contains or mem . eql ( u8 , mem . sliceTo ( line , '=' ) , " ZIG_PROGRESS " ) ;
}
break : c . { count , contains } ;
} ;
const ZigProgressAction = enum { nothing , edit , delete , add } ;
const zig_progress_action : ZigProgressAction = a : {
const fd = options . zig_progress_fd orelse break : a . nothing ;
if ( fd >= 0 ) {
break : a if ( contains_zig_progress ) . edit else . add ;
} else {
if ( contains_zig_progress ) break : a . delete ;
}
break : a . nothing ;
} ;
2024-05-26 12:08:15 -07:00
const envp_count : usize = c : {
var count : usize = existing_count ;
switch ( zig_progress_action ) {
. add = > count += 1 ,
. delete = > count -= 1 ,
. nothing , . edit = > { } ,
}
break : c count ;
} ;
2024-05-23 20:22:58 -07:00
const envp_buf = try arena . allocSentinel ( ? [ * : 0 ] u8 , envp_count , null ) ;
var i : usize = 0 ;
var existing_index : usize = 0 ;
if ( zig_progress_action == . add ) {
2025-06-27 20:05:22 -07:00
envp_buf [ i ] = try std . fmt . allocPrintSentinel ( arena , " ZIG_PROGRESS={d} " , . { options . zig_progress_fd .? } , 0 ) ;
2024-05-23 20:22:58 -07:00
i += 1 ;
}
while ( existing [ existing_index ] ) | line | : ( existing_index += 1 ) {
if ( mem . eql ( u8 , mem . sliceTo ( line , '=' ) , " ZIG_PROGRESS " ) ) switch ( zig_progress_action ) {
. add = > unreachable ,
. delete = > continue ,
. edit = > {
2025-06-27 20:05:22 -07:00
envp_buf [ i ] = try std . fmt . allocPrintSentinel ( arena , " ZIG_PROGRESS={d} " , . { options . zig_progress_fd .? } , 0 ) ;
2024-05-23 20:22:58 -07:00
i += 1 ;
continue ;
} ,
. nothing = > { } ,
} ;
envp_buf [ i ] = try arena . dupeZ ( u8 , mem . span ( line ) ) ;
i += 1 ;
}
assert ( i == envp_count ) ;
return envp_buf ;
}
pub fn createNullDelimitedEnvMap ( arena : mem . Allocator , env_map : * const EnvMap ) Allocator . Error ! [ : null ] ? [ * : 0 ] u8 {
return createEnvironFromMap ( arena , env_map , . { } ) ;
2024-05-23 14:10:03 -07:00
}
2024-05-23 11:25:41 -07:00
test createNullDelimitedEnvMap {
const allocator = testing . allocator ;
var envmap = EnvMap . init ( allocator ) ;
defer envmap . deinit ( ) ;
try envmap . put ( " HOME " , " /home/ifreund " ) ;
try envmap . put ( " WAYLAND_DISPLAY " , " wayland-1 " ) ;
try envmap . put ( " DISPLAY " , " :1 " ) ;
try envmap . put ( " DEBUGINFOD_URLS " , " " ) ;
try envmap . put ( " XCURSOR_SIZE " , " 24 " ) ;
var arena = std . heap . ArenaAllocator . init ( allocator ) ;
defer arena . deinit ( ) ;
const environ = try createNullDelimitedEnvMap ( arena . allocator ( ) , & envmap ) ;
try testing . expectEqual ( @as ( usize , 5 ) , environ . len ) ;
inline for ( . {
" HOME=/home/ifreund " ,
" WAYLAND_DISPLAY=wayland-1 " ,
" DISPLAY=:1 " ,
" DEBUGINFOD_URLS= " ,
" XCURSOR_SIZE=24 " ,
} ) | target | {
for ( environ ) | variable | {
if ( mem . eql ( u8 , mem . span ( variable orelse continue ) , target ) ) break ;
} else {
try testing . expect ( false ) ; // Environment variable not found
}
}
}
/// Caller must free result.
pub fn createWindowsEnvBlock ( allocator : mem . Allocator , env_map : * const EnvMap ) ! [ ] u16 {
// count bytes needed
const max_chars_needed = x : {
2025-03-17 17:53:12 -07:00
// Only need 2 trailing NUL code units for an empty environment
var max_chars_needed : usize = if ( env_map . count ( ) == 0 ) 2 else 1 ;
2024-05-23 11:25:41 -07:00
var it = env_map . iterator ( ) ;
while ( it . next ( ) ) | pair | {
// +1 for '='
// +1 for null byte
max_chars_needed += pair . key_ptr . len + pair . value_ptr . len + 2 ;
}
break : x max_chars_needed ;
} ;
const result = try allocator . alloc ( u16 , max_chars_needed ) ;
errdefer allocator . free ( result ) ;
var it = env_map . iterator ( ) ;
var i : usize = 0 ;
while ( it . next ( ) ) | pair | {
i += try unicode . wtf8ToWtf16Le ( result [ i .. ] , pair . key_ptr .* ) ;
result [ i ] = '=' ;
i += 1 ;
i += try unicode . wtf8ToWtf16Le ( result [ i .. ] , pair . value_ptr .* ) ;
result [ i ] = 0 ;
i += 1 ;
}
result [ i ] = 0 ;
i += 1 ;
2025-03-17 17:53:12 -07:00
// An empty environment is a special case that requires a redundant
// NUL terminator. CreateProcess will read the second code unit even
// though theoretically the first should be enough to recognize that the
// environment is empty (see https://nullprogram.com/blog/2023/08/23/)
if ( env_map . count ( ) == 0 ) {
result [ i ] = 0 ;
i += 1 ;
}
2024-05-23 11:25:41 -07:00
return try allocator . realloc ( result , i ) ;
}
2024-07-19 17:38:15 -07:00
/// Logs an error and then terminates the process with exit code 1.
pub fn fatal ( comptime format : [ ] const u8 , format_arguments : anytype ) noreturn {
std . log . err ( format , format_arguments ) ;
exit ( 1 ) ;
}
