Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(668)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: base/metrics/persistent_memory_allocator.h

Issue 2487303002: Added comment about using fixed-size objects when data could be passed between different CPU archit… (Closed)
Patch Set: removed extra space Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_ 5 #ifndef BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_
6 #define BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_ 6 #define BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <atomic> 10 #include <atomic>
(...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after
217 217
218 // Get an object referenced by a |ref|. For safety reasons, the |type_id| 218 // Get an object referenced by a |ref|. For safety reasons, the |type_id|
219 // code and size-of(|T|) are compared to ensure the reference is valid 219 // code and size-of(|T|) are compared to ensure the reference is valid
220 // and cannot return an object outside of the memory segment. A |type_id| of 220 // and cannot return an object outside of the memory segment. A |type_id| of
221 // kTypeIdAny (zero) will match any though the size is still checked. NULL is 221 // kTypeIdAny (zero) will match any though the size is still checked. NULL is
222 // returned if any problem is detected, such as corrupted storage or incorrect 222 // returned if any problem is detected, such as corrupted storage or incorrect
223 // parameters. Callers MUST check that the returned value is not-null EVERY 223 // parameters. Callers MUST check that the returned value is not-null EVERY
224 // TIME before accessing it or risk crashing! Once dereferenced, the pointer 224 // TIME before accessing it or risk crashing! Once dereferenced, the pointer
225 // is safe to reuse forever. 225 // is safe to reuse forever.
226 // 226 //
227 // IMPORTANT: If there is any possibility that this allocator will be shared
228 // across different CPU architectures (perhaps because it is being persisted
229 // to disk), then it is essential that the object be of a fixed size. All
230 // fields must be of a defined type that does not change across CPU architec-
231 // tures or natural word sizes (i.e. 32/64 bit). Acceptable are char and
232 // (u)intXX_t. Unacceptable are int, bool, or wchar_t which are implemen-
233 // tation defined with regards to their size.
234 //
235 // ALSO: Alignment must be consistent. A uint64_t after a uint32_t will pad
236 // differently between 32 and 64 bit architectures. Either put the bigger
237 // elements first, group smaller elements into blocks the size of larger
238 // elements, or manually insert padding fields as appropriate.
239 //
227 // NOTE: Though this method will guarantee that an object of the specified 240 // NOTE: Though this method will guarantee that an object of the specified
228 // type can be accessed without going outside the bounds of the memory 241 // type can be accessed without going outside the bounds of the memory
229 // segment, it makes no guarantees of the validity of the data within the 242 // segment, it makes no guarantees of the validity of the data within the
230 // object itself. If it is expected that the contents of the segment could 243 // object itself. If it is expected that the contents of the segment could
231 // be compromised with malicious intent, the object must be hardened as well. 244 // be compromised with malicious intent, the object must be hardened as well.
232 // 245 //
233 // Though the persistent data may be "volatile" if it is shared with 246 // Though the persistent data may be "volatile" if it is shared with
234 // other processes, such is not necessarily the case. The internal 247 // other processes, such is not necessarily the case. The internal
235 // "volatile" designation is discarded so as to not propagate the viral 248 // "volatile" designation is discarded so as to not propagate the viral
236 // nature of that keyword to the caller. It can add it back, if necessary, 249 // nature of that keyword to the caller. It can add it back, if necessary,
(...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after
459 private: 472 private:
460 std::unique_ptr<MemoryMappedFile> mapped_file_; 473 std::unique_ptr<MemoryMappedFile> mapped_file_;
461 474
462 DISALLOW_COPY_AND_ASSIGN(FilePersistentMemoryAllocator); 475 DISALLOW_COPY_AND_ASSIGN(FilePersistentMemoryAllocator);
463 }; 476 };
464 #endif // !defined(OS_NACL) 477 #endif // !defined(OS_NACL)
465 478
466 } // namespace base 479 } // namespace base
467 480
468 #endif // BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_ 481 #endif // BASE_METRICS_PERSISTENT_MEMORY_ALLOCATOR_H_
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698